pr-description-writer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow (SKILL.md Step 2) runs "gh pr view --json title,body,baseRefName" to read an existing GitHub PR's title and body — user-generated content on a third-party service — and that content is read and used to decide whether to update/create the PR, so it could influence the agent's actions and enable indirect prompt injection.