ship

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly uses gh/gh api (see "Core Rules" and workflow steps like "gh pr view", "gh api graphql") to fetch and read GitHub PR review threads, automated bot comments, and inline review comments — untrusted, user-generated third-party content that the agent must interpret and act on (triage, implement fixes, reply, resolve), so it can inject instructions that influence tool use and next actions.