git-upstream-pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill fetches and reads untrusted, user-generated content from an upstream remote (e.g., via git fetch upstream, gh repo view --json parent, and git log --oneline ... upstream/main..HEAD), and explicitly uses commit messages and upstream history to derive branch names, commit messages, and PR content—so third-party content can materially influence actions.