gh-pr-rebase

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow explicitly fetches and inspects remote repository content from the origin/GitHub (e.g., "refs/remotes/origin/HEAD", "gh repo view --json defaultBranchRef", and "fetch the latest remote state") and then interprets those user-generated commits/files/diffs to decide conflict resolutions and whether to rewrite/push history, exposing the agent to untrusted third-party content that can influence actions.