pr-miner

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly fetches and ingests user-generated GitHub PR review comments via the GitHub API (see scripts/miner.py and the SKILL.md "MINE" phase), and those comments are parsed and used to decide which interactions to extract and included in JSON output that can drive downstream agent behavior, so untrusted third‑party content can influence the workflow.