github-swarm-pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly reads GitHub PR content (gh pr view, gh pr diff, PR files/reviews/comments) and processes issue_comment events and in-PR "/swarm" commands (see the "PR-Based Swarm Creation", "PR Comment Commands", and GitHub Actions handle-commands sections), so it ingests untrusted user-generated PR bodies and comments that can directly control agent behavior and merge actions.