unblocked-context-search-prs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to call context_search_prs to retrieve PR descriptions and review discussions from connected GitHub/GitLab/Bitbucket/Azure DevOps repos—user-generated third-party content that the agent reads and uses to guide follow-up queries and decisions, so it can introduce indirect prompt injection.