babysitting-pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and reads third-party, user-generated content (e.g., PRs and review comments via "gh api repos/{owner}/{repo}/pulls/{pr}/comments" in Step 4 and CI logs via "gh run view --log-failed" in Step 3 / Step 2), and then uses those contents to decide and perform edits/commits, so untrusted content can materially influence agent actions.