pr-review-analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and parses user-generated GitHub PR review comments via the gh api endpoints (repos/{owner}/{repo}/pulls/{number}/reviews and .../comments in "Step 1"), then reads and interprets those comments as part of the analysis and may post automated replies ("Step 2" and "Step 5"), so untrusted third-party content can directly influence tool use and agent actions.