agent-pr-manager

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and processes user-generated GitHub pull request content (e.g., mcp__github__get_pull_request_files, gh pr view --json files, and other mcp__github__* calls shown in SKILL.md), which are public third-party sources the agent reads and uses to drive review/merge actions, creating a clear vector for indirect prompt injection.