ship-it

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The workflow explicitly reads existing pull request metadata from GitHub (Step 6: "gh pr view --json url,title,body"), which is user-generated, untrusted third-party content that the agent compares against commits and may use to decide whether to edit the PR, creating a pathway for indirect prompt injection.