pr-create

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly reads and interprets untrusted, user-generated GitHub content — e.g., project files CLAUDE.md/AGENTS.md and .github/workflows (Step 6), GitHub API calls to repos/{owner}/{repo}/contributors and search/users (Step 5 resolving reviewers), and CI logs via gh run view/--log-failed (Step 10) — and uses those results to decide actions (which checks to run, how to fix failures, which reviewer to add), which could enable indirect prompt injection.