finalize

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to run "gh pr view" (and "gh repo view") to read PR titles/descriptions and repository metadata from GitHub, which are user-generated/untrusted third‑party content that the agent is expected to interpret and that can change its branching/splitting/ship decisions.