jr-rails-second-opinion

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and reviews GitHub PR diffs as part of its required invocation (SKILL.md: "/jr-rails-second-opinion <PR#> (fetch PR with gh, review the diff)"), meaning it ingests user-generated, potentially untrusted third-party content which the agent reads and uses to drive reviews and follow-up actions.