babysit-pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and parses user-generated GitHub content (review threads, PR reviews, and issue-level comments via references/github-api.md and Phase 1: Fetch) and external CI logs (references/ci-platforms.md) as required steps in its triage/plan/execute workflow, and those untrusted third-party contents directly drive decisions and tool actions (triage severity, fix plans, commits, resolves), enabling indirect prompt injection.