auto-pr-pipeline

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly reads repository and GitHub metadata (e.g., "open threads / requested changes", PR comments, Review-Entscheidung, and .github workflows) via repo-file and GitHub-API/gh detection, so it ingests untrusted, user-generated third-party content (PR comments/reviews) that can directly influence decisions and tool actions.