check-pr

Warn

Audited by Snyk on Apr 8, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests PR/MR details, discussions, comments, and bot notes from third-party GitHub/GitLab APIs (see SKILL.md steps 2, 4.C, 7, 8 and references/gitlab-api.md), and it uses that user-generated content to decide actions (categorize issues, fix code, and resolve threads), so untrusted comment/body text could influence agent behavior.

Issues (1)

W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Apr 8, 2026, 01:40 PM
Issues: 1