gh-pr-create

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to consult and act on existing open pull request state on GitHub (e.g., "Treat the current branch, local diff, and existing open PR state as authoritative" and "GitHub CLI commands that require network access..."), which requires fetching and interpreting user-generated content from a third-party site (GitHub) that can change the agent's push/PR actions.