publish

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to fetch remote repo data (git fetch origin) and run gh pr view to "Review the current PR description" and then update the PR body, meaning it ingests user-generated PR/remote content from GitHub (an external, potentially untrusted source) as part of its decision-making and PR-editing workflow.