pr-walkthrough

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly instructs fetching and ingesting user-generated GitHub PR data and review comments via gh/gh api calls (and external visual assets/Figma links) as source material for building the walkthrough (see the "Establish PR context" and "Collect visual source material" sections), which are untrusted third‑party inputs that the agent reads and incorporates into its decision-making and rendered tour content.