babysit-pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests user-generated GitHub content (issue comments, inline review comments, review submissions via gh api endpoints in scripts/gh_pr_watch.py and reviewer-handling steps in SKILL.md) and uses those comment bodies and CI run logs (e.g., gh run view --log-failed) to decide actions like patching/pushing code, replying, resolving threads, or rerunning jobs, which meets all criteria for exposure to untrusted third-party content.