review-pull-request

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests and interprets arbitrary PR content from the supplied PR_URL (see pr-context-collector instructions: "Read PR metadata... Inspect the diff and surrounding code") and uses that evidence to generate findings, draft comments, and posting decisions (finding-reviewer, comment-drafter, review-poster), so untrusted user-generated content from public repos can directly influence agent actions.