create-github-pull-request-from-specification

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly calls GitHub (e.g., SKILL.md steps 5 and 7: "gh pr list/view" and "gh pr diff") and reads PR diffs (and repository template files) which are user-generated/untrusted content on the open web and are directly inspected and used to construct the PR title/body, so third-party content can influence agent actions.