when-reviewing-pull-request-orchestrate-comprehensive-code-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The workflow explicitly fetches and ingests GitHub pull request content (e.g., via "gh pr view" and storing "code-review/{PR_ID}/metadata") and reads the PR description, changed files, and code for automated and specialist reviews, meaning untrusted, user-generated PR content from GitHub can be interpreted and can materially influence decisions and actions.