github-renovate-prs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and parses GitHub content (see SKILL.md and README which show gh pr list/view/check commands against either a preset public repo set or user-specified owner/repo/PR URLs), and it interprets PR titles, bodies, labels, and checks to build and act on a merge plan—i.e., it ingests untrusted, user-generated third-party content that can materially influence tool actions.