github-pr-merge

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and interprets user-generated GitHub content (e.g., via "gh pr view", "gh api repos/$REPO/pulls/$PR/comments", and "gh pr checks $PR" in the Core workflow) and uses those results to decide whether to stop or proceed with merges, exposing the agent to untrusted third-party content.