create-pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill fetches and inspects repository content from remotes (e.g., via "git fetch $UPSTREAM_REMOTE $DEFAULT_BRANCH", "gh repo view", and reading commits/diffs with "git log" / "git diff") and uses commit messages, diffs, and PR templates (user-generated/untrusted content from upstream or forks) to generate PR titles/descriptions, which exposes the agent to untrusted third-party content that could contain indirect prompt injection.