run-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Mode A and Mode C workflows explicitly fetch and parse GitHub PRs and comments (e.g., required steps invoking gh pr view, scripts/parse-pr.sh, and scripts/parse-pr-comments.sh --repo <owner/name> --pr <N>), which ingests untrusted, user-generated third‑party content (PR files and review comments) that the agent is expected to read and act on (triage, decide verdicts, post replies), creating a clear avenue for indirect prompt injection.