creating-pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill reads and interprets user-generated content from GitHub and the local repo—e.g., commit messages via "git log $BASE_BRANCH..HEAD" and remote PR data via "gh pr view/gh pr list"—which are untrusted third-party sources and could contain indirect prompt-injection content.