review-github-pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly instructs the agent to fetch and read GitHub pull request diffs and metadata using gh pr view and gh pr diff, ingesting user-generated content from third-party repos which the agent must interpret to decide comments and submit actions, so untrusted PR content could influence behavior.