git-commit-push-pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly runs GitHub queries like gh pr view --json body and loads PR URLs into the ce-pr-description delegation, meaning it fetches and interprets user-authored GitHub PR bodies (untrusted, user-generated third-party content) and uses that content to decide and drive PR edits.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). This skill explicitly invokes another skill with a PR URL (e.g., https://github.com/owner/repo/pull/123) and may run git fetch to pull a remote branch diff at runtime; those fetched remote contents are then used to generate the PR title/body (i.e., they directly control the agent's prompt/context), so they constitute a runtime external dependency controlling prompts.