pr-open

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The workflow explicitly runs GitHub CLI commands (e.g., "gh issue view --json number,title,body" and "gh pr list --state merged ...") to read issue bodies and recent PR titles — user-generated, potentially public content that the agent is instructed to interpret and use to form PR titles/descriptions, so third-party content can influence actions.