review-prs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and inspects user-generated GitHub content (PR lists, diffs, PR bodies, files, and comments) via commands like gh pr list, gh pr view, and gh pr diff, so untrusted third-party PR text could influence the agent's analysis and subsequent review actions.