verify

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly reads and interprets untrusted, user-generated GitHub content—e.g., Step 3's gh pr view/gh api calls that extract review bodies and inline comments, Step 4's gh api call that reads QA issue comments, and gh run view --log-failed for CI logs—which the agent uses to decide fixes, pushes, and reruns, so those third-party texts can materially influence its actions.