create-pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). This skill invokes the GitHub CLI and API (e.g., gh repo view, gh pr create/edit, gh api) and reads commits/diffs and PR metadata from GitHub, which is public/user-generated content that the agent will read as part of its workflow, allowing potential indirect prompt injection.