Code Review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and reads user-generated PR data and comments via the GitHub API (e.g., gh pr view, gh api repos/.../pulls) and visits reviewer-provided preview URLs with Playwright, so it ingests untrusted third-party content (PRs, comments, and arbitrary preview pages) that the agent interprets as part of its workflow.