evaluate-code-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and ingests GitHub PR comments and other reviewer content (see SKILL.md Input modes and references/gh-review-workflow.md which use gh api/gh pr view to pull comments) — those are untrusted, user-generated third‑party inputs that the agent is required to read and act on (extract verbatim items and drive replies/implementation), enabling indirect prompt-injection risk.