git-branch-pr-workflow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's pr-context.sh script and GitHub MCP calls fetch and parse remote repository and PR data (e.g., git fetch origin , git log origin/..HEAD, and gh pr list/gh pr checks) — i.e., untrusted, user-generated commit messages and PR descriptions from a third‑party Git remote/GitHub are read and used to compose PR titles/bodies and guide actions, which could allow indirect prompt injection.