review-feedback

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests GitHub PR reviews, inline comments, and discussion comments via scripts/parse-pr-comments.sh (gh api) and then reads and acts on those verbatim reviewer bodies as part of the required workflow (SKILL.md Steps 1–7 and the clustering/dispatch scripts), so untrusted, user-generated third‑party content can materially influence decisions and tool actions.