pr-finalize

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly instructs the agent to fetch and read PR title/body/commits and diffs using "gh pr view" and "gh pr diff" (see "Usage" and "Evaluation Workflow" in SKILL.md), which ingests user-generated GitHub PR content that can directly influence review decisions and next actions.