quality-audit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Phase 3.5 Post-Audit Validation explicitly scans merged GitHub PRs using gh pr list/view and parses PR titles, bodies and changed files to auto-close or tag audit issues, so it ingests user-generated, potentially untrusted third-party content (GitHub PRs) that directly influences automated decision-making.