gitee-auto-pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to read and act on live Gitee third-party content (capture git push terminal output, extract the auto-* source branch name from the Gitee UI or remote refs, and return the PR URL) and also links an external help.gitee.com page, so untrusted/public content from Gitee can influence subsequent tool use and decisions.