ce-commit-push-pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and reads GitHub PR metadata and diffs (e.g., the "Existing PR check" in SKILL.md using gh pr view --json ... and the "Step Pre-A" in references/pr-description-writing.md which uses gh pr diff / gh pr view), and it requires the agent to read and preserve/interpret PR bodies and evidence as part of composing/updating PR descriptions—these are user-generated, public inputs that can directly influence the agent's decisions and subsequent tool actions.