gh-create-pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly runs gh pr view to read existing PR number/title/body and instructs the agent to "enhance" or edit existing PR descriptions (see "Existing PR for branch: gh pr view --json number,title,body" and "If a PR already has a meaningful description, enhance it rather than replace it entirely"), so it ingests untrusted, user-generated GitHub PR content that can influence subsequent PR-editing actions.