pr-create

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly fetches and inspects remote repository content (git fetch origin, gh repo view / gh pr list, git log and git diff) and local repo files like .github/pull_request_template.md — all of which are user-generated/untrusted content that the agent parses (commit messages, branch names, and PR templates) to decide PR title/body and whether to mark "Closes" vs "Refs", so third‑party content can influence its actions.