ce-commit-push-pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly runs GitHub CLI commands (e.g., gh pr view, gh pr diff) and its Pre-A / DU-3 steps state it "reads the current PR body" and resolves diffs/commits from PRs (references/pr-description-writing.md Step Pre-A and DU-3), meaning it ingests user-generated GitHub PR content (potentially public/forked) and uses that content to drive decisions and tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly runs git/gh commands at runtime (e.g., git fetch / gh pr diff against the repository remote such as https://github.com// or git@github.com:owner/repo.git) to load commit diffs and PR bodies which are then injected into the model's composition context, so remote repository content can directly control the agent's prompts and outputs.