pull-request

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The workflow explicitly fetches and ingests repository and PR data from remote Git hosts (e.g., "git fetch origin ", "git log/ git diff", and "gh pr view" / "glab mr view" in SKILL.md), which are third-party, user-authored contents that the agent is instructed to read and use to decide questions, titles, and next actions.