pr-triage

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to run gh pr view ... --json title,body,headRefName,baseRefName,changedFiles and gh pr diff (steps 1–3) to fetch PR bodies and diffs from GitHub—untrusted, user-generated content that the skill reads and uses to drive triage decisions—so it can be influenced by third‑party instructions.