gh-dep-pr-triage

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). Yes — the skill's Phase 2 explicitly instructs the agent to "Read the PR — gh pr view ..." (pulling PR bodies/files from public GitHub) and to "Check the changelog — web search for release notes" (fetching public web content), both of which are untrusted, user/third‑party sources whose contents the agent must interpret to decide merge safety.