pr-green

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and reads user-generated GitHub content—PR review comments and PR comments via "gh api repos/.../pulls//reviews" and ".../comments", linked Issue bodies via "gh pr view ... closingIssuesReferences", and CI logs via "gh run view --log-failed" (Step 1a/1b)—and uses that content to decide fixes, commits, and automated actions, which exposes it to untrusted third-party input that could inject instructions.