gh-update-pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill instructs the agent to call GitHub APIs/commands (e.g., "gh pr view --json ..." and "gh api repos/{owner}/{repo}/pulls/{number} ...") which fetch PR data from GitHub — user-generated, public/untrusted content — and the agent is expected to read/interpret that data as part of its workflow.