pr-to-video

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.95). Outsider-authored PR content is ingested at runtime into LLM context via capture/extracted/visible-text.txt and capture/diff.patch (Step 1: gh pr view/gh pr diff → fetch-pr.mjs → ingest.mjs), which the orchestrator then uses to generate STORYBOARD.md/SCRIPT.md (LLM prompt injection surface from PR body/diff text).