cli-review-fix

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly pipes repository diffs and PR metadata (via git diff and gh pr view) into external LLM CLIs (scripts/cli-review-codex.sh uses the diff + references/codex-review-prompt.md; references/review-prompt.md shows piping diffs to gemini -p) and then reads those CLIs' outputs to drive fixes, so untrusted user-generated PR/diff content can be interpreted by remote LLMs and materially influence actions.