pr-merge-cleanup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The workflow explicitly instructs the agent to fetch and inspect GitHub PR and CI output (e.g., "gh pr checks" and "gh run view --log" in Step 3), which are user-generated/untrusted third‑party contents that the agent must read and act on to decide fixes and merges.