dev-pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests GitHub pull request reviews/comments and suggested changes (e.g., via "gh api repos/{owner}/{repo}/pulls/{number}/comments" and related gh pr view/checks calls) — untrusted, user-generated content — and mandates reading and applying those comments as part of its workflow, which could enable indirect prompt injection.