dependabot-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and parses open Dependabot PRs (via gh pr list / gh pr view) and reads PR bodies, release notes, and grouped-update tables as part of its workflow (see SKILL.md Step 1–3 and WORKFLOW.md Phase 1/3), and it uses that untrusted PR content to classify and decide merges/rebasing, so third-party content can materially influence actions.