merge-pr-check

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs the agent to call Gitee MCP tools (e.g., list_pull_comments, get_pull_detail, get_diff_files) to read PR descriptions, user comments, and diffs from public Gitee repositories—untrusted, user-generated content—which the agent must interpret to decide whether and how to merge the PR.