github-operations

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly fetches and parses GitHub user-generated content (e.g., gh api / gh pr / gh issue and graphql queries shown throughout SKILL.md and examples, including "claude --from-pr 456" which "loads PR diff, comments, review status") and uses that content to drive actions (auto-merge, checklist completion, milestone changes), so untrusted third-party content from GitHub can materially influence agent behavior.