chestertons-fence

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Process Step 3 in SKILL.md explicitly instructs to "Search for the originating PR using gh pr list --search" and to "look for comments explaining intent," which requires fetching and interpreting GitHub PRs (untrusted, user-generated third‑party content) that can directly influence the investigation's recommendations.