pr-verify

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly reads GitHub PRs and linked issue bodies via gh pr view/gh pr diff (Step 2 in SKILL.md) and uses those user-generated acceptance criteria to drive browser actions and verification steps, so untrusted third-party content can materially influence tool behavior.