review-pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and reads user-generated GitHub content — PR bodies, linked issues, CI/check outputs, and inline/general review comment threads via gh CLI / MCP tool calls (see SKILL.md Phase 2, Phase 4 and references/gh-cli-reference.md) which are untrusted third‑party inputs that directly influence review decisions and subsequent actions.