prepare-security-prs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill fetches and inspects GitHub PR data (via gh pr list and related commands) — including PR titles, bodies, review comments, CI/check statuses, and changed files from the specified owner/repo — which are user-generated, public third-party contents that the agent will read and interpret as part of its workflow.