github-pr-manager

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs the agent to use the GitHub CLI (e.g., "gh pr view --json files,additions,deletions,title,body", "gh pr diff", "gh pr list") to fetch PR titles, bodies, diffs and comments from public GitHub repositories—untrusted, user-generated content that the agent is expected to read and use to drive reviews/merges—creating a clear avenue for indirect prompt injection.