pr-description

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to fetch and read PR diffs via the gh CLI or local git (e.g., "gh pr diff ") and to analyze user-provided git diffs/PR text, which are untrusted third-party repository/PR content that the agent interprets and can drive actions like editing the PR.