process-reviews

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and interprets user-generated GitHub content (e.g., via "gh pr view --comments", "gh api repos/$REPO/pulls//comments", checking PR commits/diffs and linked issues, and delegating to the code-review skill after "gh pr checkout"), and those public PRs/comments can directly influence review verdicts, posted comments, and label updates—creating a clear avenue for indirect prompt injection.