ship

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The skill explicitly fetches and inspects repository and PR data from remotes (e.g., preflight.sh performs git fetch / rebase and calls gh pr view; SKILL.md mandates analyzing git log, commit messages, and PR metadata to decide branch prefixes, changelog bumps, and to generate PR title/body), which are user-generated/untrusted third-party contents that the agent reads and uses to drive actions.