github-pr-query

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's query-prs.sh explicitly calls "gh pr list ... --repo $REPO" to fetch GitHub pull request JSON (user-generated, potentially public content) and the SKILL.md instructs using --jq to read/filter that data, so untrusted PR content from arbitrary repos can be read and used to drive filtering/decisions.