pr-comment

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's prepare/submit workflow (scripts/pr-comment.js) explicitly calls the GitHub CLI (e.g., gh api repos/{owner}/{repo}/pulls/{number}/files, gh pr view) to fetch PR metadata and changed file patches from GitHub—user-generated, public content—which the agent consumes to validate comments and drive submit/re-prepare decisions, creating a clear path for indirect prompt injection.