pull-request-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and inspects third-party pull/merge requests (using gh/glab or by parsing the MR/PR page in Step 1) and git-fetches the branch and directs the agent to read repository files (README, CONTRIBUTING, docs/) as part of setup and review (Steps 3 and 6), meaning untrusted user-generated content from public PRs/MRs can be ingested and influence actions.