code-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and reads GitHub PR content (via gh pr view, gh pr diff, gh api, and by adding a git worktree to read every changed file) and then interprets that user-generated PR description, code, and comments as part of its review workflow and to decide/post reviews, so untrusted third-party content from GitHub can materially influence its actions.