create-pull-request

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to read and summarise repository commit messages (git --no-pager log --oneline origin/HEAD..HEAD) and to query GitHub PR/repo data (gh pr view, gh repo view and a GitHub PR template URL), which are user-generated/untrusted contents from public GitHub and are used to populate PR titles/bodies and decide PR behavior.