codex-pr-body

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to read and edit existing GitHub pull request bodies (e.g., using "gh pr view" and to "check the existing pull request body"), which are user-generated, public third-party content and could influence how the agent constructs or modifies PR text.