prepare-pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The workflow explicitly instructs the agent to read and act on "review findings" from a GitHub PR (via commands like gh pr checkout, gh pr view and the "If review findings exist, use them to guide fixes" step), which are user-generated, public/untrusted content that can materially influence commits and push actions.