open-pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). The skill ingests outsider-authored free text from the repository’s own commit history at runtime via git log origin/<main>..HEAD --pretty='%B' (commit messages/bodies written by other contributors), which is then used to draft the PR description and thus fed into the agent’s LLM context.