review-pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow (SKILL.md Phase 2 and Phase 4, and the "GitHub PR mode" sections) explicitly instructs the agent to fetch and read GitHub PR bodies, linked issues, CI results, and inline comment threads using gh CLI or MCP tools (e.g., pull_request_read), which are untrusted, user-generated third‑party contents that the agent will interpret to drive review actions.