pr-monitor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly runs gh pr list --repo ... --json ... to ingest GitHub pull request data (titles, branch names, authors, etc.) from user-generated GitHub repos and then reads and uses those fields to build reports and decide/send alerts, so untrusted third‑party content from GitHub could influence the agent's outputs and actions.