pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md explicitly runs "gh pr list --state merged ..." and instructs the agent to analyze merged PR titles/commit messages and commit history (Release PR Template / Determine version steps), which fetches user-generated GitHub content that the agent parses to recommend semver bumps and compose PR bodies, so external/untrusted PR text can materially influence decisions and actions.