pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to "Always read the current PR description first" via gh pr view <number> --json title,body, meaning it ingests user-generated GitHub PR content (a public/untrusted third-party source) and must interpret that content to decide and apply edits.