babysit-pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill directly queries GitHub APIs and CLI to fetch untrusted, user-generated content (PR issue comments, inline review comments, and review submissions as shown in references/github-api-notes.md and scripts/gh_pr_watch.py's fetch_new_review_items) and the workflow (SKILL.md) requires the agent to read/interpret those comments/logs and act (patch/commit/push, rerun CI), so third-party content can influence agent actions.