relay-merge

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's scripts (scripts/gate-check.js and scripts/finalize-run.js) call the GitHub CLI (execGh) to fetch PR comments and commits (e.g., "gh pr view ... --json comments,commits,...") and then parse user-generated review comments to decide whether to merge or block a PR, so untrusted third-party content from GitHub directly influences actions.