work-with-pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). Outsider free text is ingested via GitHub PR review/comment bodies authored by the external bot cubic-dev-ai[bot], which the skill fetches as readable text using gh api "repos/${REPO}/pulls/${PR_NUMBER}/reviews" ... | .body during Gate C.