fin

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow explicitly instructs the agent to run GitHub CLI commands (e.g., "gh pr view"/"gh pr list", "gh pr checks --watch", "gh run watch ") which fetch user-generated PRs, comments, and CI/run outputs from third-party GitHub repositories that the agent must read and that can materially affect merge/next-action decisions.