split-and-ship

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill runs commands like "gh repo view" and "gh pr view" and explicitly requires interpreting PR purpose (titles/descriptions) to decide whether to reuse an existing branch or create new PRs, which means it ingests untrusted, user-generated GitHub content that can materially influence subsequent branch/PR actions.