validate-pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and reads GitHub PR bodies using "gh pr view --json title,body,headRefName" (user-generated content from a public third-party) and uses that content to decide checks and to construct follow-up commands (e.g., a gh pr edit that embeds the PR body), so untrusted third-party text can materially influence behavior.