pr-ready

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly calls gh pr view to read PR title/body and also reads repository files (docs/specs/*.md, commit logs, .agents/pr-template.md) as required workflow steps, all of which are user-generated/third-party content that the agent interprets to generate PR text, decide spec vs code edits, and perform commits—creating a clear path for indirect prompt injection.