pr-creation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs fetching and interacting with GitHub content (e.g., git fetch origin, gh issue edit, running PR review agents and the Claude rule-review GitHub Action) so the agent will ingest and act on user-generated PR/issue/repo content from GitHub, which is an untrusted third-party source.