cubrid-pr-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests public GitHub pull request data (via "gh api repos/OWNER/REPO/pulls/NUMBER", "gh pr diff", and PR/comments API calls in Step 1/Step 2), including PR bodies and user comments, which are untrusted user-generated content that the agent is required to read and use to drive its review decisions.