agent-pr-manager

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill fetches and processes pull requests and files from GitHub (e.g., gh pr list/view, mcp__github__get_pull_request_files and related mcp__github__* calls), which are public, user-generated third-party content that the agent reads and interprets as part of its workflow.