gh-enrich-pr-description

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow (SKILL.md) explicitly runs gh pr view / gh pr list and reads commit messages, PR titles/bodies, and related PR data from GitHub — user-generated, potentially public content — and uses that content to drive analysis, compose PR descriptions, and decide who to CC, so untrusted third-party text could influence agent actions.