git-pr-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow (SKILL.md Steps 1 and 5 and the "Untrusted Input Rules") explicitly runs git commands (git log and git show) to ingest commit messages and diffs from external/PR repositories, which are attacker-controlled user-generated content and are used to decide how to construct the PR description.