pr-ship

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and parses GitHub PR and Actions data (e.g., "gh pr view --json statusCheckRollup", "gh api repos/.../actions/runs", and "gh run view ... --log-failed | tail -100") and then reads those CI logs and PR metadata (untrusted, user-generated content) to decide fixes and next actions, which could allow indirect prompt injection.