make-pr-easy-to-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly resolves and inspects user-provided pull requests (e.g., "Resolve the target PR from the user-provided URL" and commands like "gh pr view ") and reads PR descriptions, commits, and diffs from third-party repositories, which are untrusted user-generated content that the agent uses to decide history rewrites and reviewer actions.