krt-release-marshal

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly queries GitHub (see references/github-pr-flow.md: "Gather PR Content" and "Reviewer Lookup" which run gh pr list/gh pr list --base ... --state merged and inspect titles/reviews/authors) and uses that user-generated GitHub data to infer reviewers and drive PR creation/edit actions, so untrusted third-party content is read and can materially influence tool behavior.