git-workflow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to read and act on GitHub pull request review threads and comments via the GitHub API/GraphQL (see references/pull-request-workflow.md and SKILL.md instructions to load PR workflow and reply/resolve threads), which are user-generated, untrusted third‑party contents that the agent is expected to interpret and use to drive actions.