git-commit-push-pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly calls GitHub/gh commands (e.g., gh pr view --json body, gh repo view --json, and related git/gh fetches) to read pull request bodies, metadata, and commits from GitHub — user-generated, public content that the agent ingests and uses to decide and perform PR edits, so untrusted third‑party content could influence its actions.