review-reply

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly fetches and ingests user-generated PR and issue comments from GitHub (e.g., "gh api repos/{owner}/{repo}/pulls/{number}/comments", reviews, and "repos/{owner}/{repo}/issues/{number}/comments" and GraphQL reviewThreads), which the agent must read and act on (decide fixes, post replies, resolve threads), exposing it to untrusted third‑party content that could carry indirect prompt injection.