prcheckloop

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and inspects user-generated GitHub content—check runs, run logs, and repository workflow files via gh api / gh run view (see Steps 3 and 5 in SKILL.md)—and the agent is expected to read and act on that content to decide fixes, pushes, reruns, or escalations, which could allow indirect instruction injection from untrusted third-party sources.