learn-from-code-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow (Step 2: "Fetch Review Comments") explicitly uses gh api repos/{owner}/{repo}/pulls/{pr_number}/comments and .../reviews to ingest user-generated GitHub PR review bodies, which the agent is expected to read, interpret, and use to generate skills and create PRs—allowing untrusted third‑party comments to materially influence agent actions.