dependabot-merger

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Phase 1 commands (gh pr list ... --author "app/dependabot" --json ...body,url) explicitly fetch Dependabot PR titles/bodies from GitHub and Phase 2 requires scanning PR bodies/changelogs for "BREAKING CHANGE" and other signals to decide merges, which exposes the agent to untrusted, user-generated third‑party content that can materially influence actions.