merge-dependency-updates

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly directs the agent to run GitHub searches and gh api graphql queries against the public dotnet/msbuild repository (e.g., reading pullRequest.reviewThreads.comments, reviews, files, and status checks) and to base branch updates/version bumps/merge decisions on that user-generated PR content, so it ingests untrusted third-party content that can influence actions.