code-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Step 2 "PR mode" explicitly runs "gh pr diff <PR_NUMBER>" to fetch pull request diffs from GitHub (public, user-generated content) which the agent reads and uses in its review workflow, so external PR content could influence subsequent tool decisions.