pr-merge

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly runs "gh pr view {PR_NUMBER} --json ..." (Step 1) to fetch pull request data from GitHub (third-party, user-generated PR metadata) and uses that information (title/state/mergeable) to decide and perform merges, so untrusted external content can influence agent actions.