create-pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly reads and parses GitHub PR data (e.g., "gh pr view --json title" in references/labels.md and GH CLI steps in SKILL.md) — user-generated PR titles/bodies from GitHub are untrusted third-party content that directly determine labeling and downstream actions.