gh-pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill fetches and parses GitHub PR data (issue comments, review comments and review bodies) via runGh and GraphQL calls in scripts/gh_pr_ops.ts and the SKILL.md workflow explicitly pulls "new comments" and instructs the agent to "implement the requested fix", so untrusted, user-generated GitHub content is read and can materially influence actions like marking/pushing/addressing comments.