merge-open-prs

Fail

Audited by Snyk on Jun 15, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.70). The URL points to an unverified GitHub user account (shipshitdev). GitHub itself is legitimate, but unknown or personal accounts can host unvetted releases or executables, so treat downloads from it as potentially risky and verify repository activity, stars, release contents, and signatures before running anything.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.75). The skill's runtime workflow ingests outsider-authored free text from GitHub PR metadata: specifically, gh pr list ... --json number,title,... writes each PR's title (outsider-authored) into /tmp/mop_prs.json, which is then read and included in the consolidated merge plan shown to the agent/LLM context.


Audit Metadata

Risk Level: CRITICAL
Analyzed: Jun 15, 2026, 08:08 PM
Issues: 2