wip

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly calls GitHub CLI commands (e.g., gh pr list, gh pr view, gh pr diff) to read PR metadata, titles and diffs from a repository (third-party user-generated content) and uses that content to build focus areas, tier review/related PRs, and produce editorial summaries, so untrusted GitHub content can influence agent decisions and actions.