vp-pr-review-followup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow and references/workflow.md explicitly fetch and parse GitHub pull request review threads, comments, and diffs via GraphQL (e.g., reviewThreads and comments queries), meaning it ingests user-generated, potentially untrusted third-party content from GitHub that the agent must read and act on.