push-to-pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly fetches PR data from the public GitHub API (see SKILL.md curl to https://api.github.com/repos/{OWNER}/{REPO}/pulls/{N}) and uses untrusted, user-generated fields like head.ref and maintainer_can_modify to determine branch names and whether to push, so third-party content can materially influence actions.