git-branch-pr-workflow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and parses remote repository and GitHub data — e.g., scripts/pr-context.sh runs git fetch origin "$BASE_BRANCH" and the SKILL.md directs use of mcp__github__* (list/create/update PRs, issues) — which ingests untrusted user-generated commit messages, PR/issue bodies and CI data and uses those contents to generate PR titles, suggestions and drive actions, so third-party content can materially influence agent behavior.