merge-resolver

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill fetches and checks out PR branches and conflicted files from the repository remote (see SKILL.md Phase 1 "Fetch PR metadata via gh pr view / Checkout PR branch" and scripts/resolve_pr_conflicts.py which runs git fetch/checkout/merge and inspects commit messages via git blame), so user-provided PR content and commit messages from GitHub can be read and used to drive resolution decisions.