code-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly reads untrusted, user-generated GitHub content (PR title/body via gh pr view --json title,body, diffs via gh pr diff/git diff, and "read the full file(s)" in step 4 of SKILL.md) and uses that content to drive reviewers' decisions and comments, so third-party text could inject instructions that materially influence the agent's actions.