github-pr-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's required workflow and scripts (SKILL.md and scripts/collect_pr_context.sh/post_review.sh) explicitly fetch and ingest GitHub PR metadata, diffs, files, and checks from public/user-generated GitHub PRs via gh pr view, gh pr diff and gh api, which the agent is expected to read and use to draft and post reviews, so untrusted third‑party content can influence actions.