agent-worker

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow examples and required setup phase (SKILL.md "Setup" and "Workflow Mode" sections) show running shell commands like "gh pr diff ${{ env.PR_NUMBER }}" and interpolating the resulting ${{ diff }} into the kickoff message, which causes agents to ingest public GitHub PR diffs (user-generated third‑party content) that can materially influence agent decisions and tool use.