github-review-pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md Step 2 instructs the agent to fetch PR data and review comments via the gh CLI and GitHub API (e.g., gh pr view, gh pr diff, gh api repos/{owner}/{repo}/pulls/{number}/comments), which pulls untrusted, user-generated content from public GitHub pages that the agent is expected to read and use to make review decisions.