review-pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and reads GitHub pull request content (via the documented gh pr view --json title,body,... and gh pr diff commands) which are user-generated, public third-party inputs that the agent must interpret as part of its review and can materially influence its decisions, so it exposes the agent to potential indirect prompt injection from PR text or diffs.