pr-finalize

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly instructs the agent to fetch and read PR metadata and diffs from GitHub (e.g., "gh pr view XXXXX --json title,body" and "gh pr diff XXXXX") — user-generated, potentially public content — and requires the agent to interpret that content as part of its review workflow, so untrusted third-party content could influence decisions.