pr-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The workflow explicitly fetches and ingests GitHub PR metadata and changed files via "gh pr view " and instructs the agent to read and base review decisions on the PR body/files (user-generated content on GitHub), which could contain untrusted instructions that influence subsequent actions.