ito-pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill calls GitHub APIs/CLI to read repo PR templates and recent PR titles/bodies (e.g., "gh api repos/{owner}/{repo}/contents/.github/PULL_REQUEST_TEMPLATE.md", "gh pr list --limit 5 --json title,body", "gh pr view --json ...") and then uses those user-generated/untrusted texts to detect language/scope, fill or preserve PR body slots, and decide generation/actions, so third‑party PR/template content can materially influence behavior.