zeno-reviewing-prs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly directs the agent to fetch and read user-generated PRs and linked task details (e.g., via "gh pr view/gh pr diff" on GitHub and "probe task get" for the task/PR URL), which are untrusted third-party content that can directly influence review decisions and actions.