pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly queries and reads user-generated GitHub content using "gh pr list" and "gh issue list" in the required workflow (Steps 1 and 4), exposing the agent to untrusted third-party issue/PR text that can influence PR creation/linking actions.