push-pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly runs git fetch origin and compares against origin/$BASE and its format-pr-body.py reads commit messages, diffs, and file metadata (from git log/diff) which are user-generated/untrusted content and are used to decide branch splitting, branch names, and to generate PR bodies, so third-party commit/diff text could materially influence actions.