do-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the agent to fetch and read user-generated GitHub PR content (PR title/body, linked issues, CI, commit history, and review comment threads) using gh API endpoints like repos/{owner}/{repo}/pulls/{N}/comments and issues/{N}/comments, which are untrusted third‑party inputs that the agent must interpret and that can materially influence review actions.