pr-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's scripts (scripts/check-pr-feedback.sh and scripts/reply-to-inline.sh) call gh api to fetch PR conversation comments, inline comments, and reviews from the repository (repos/$REPO/issues/$PR/comments, repos/$REPO/pulls/$PR/comments, repos/$REPO/pulls/$PR/reviews) and SKILL.md explicitly instructs the agent to read those untrusted, user-generated review comments and act on them (reply, commit, generate Fix Reports), so third-party comments could materially influence agent behavior.