pr-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly reads user-generated PR feedback from GitHub (conversation comments, inline comments, and reviews) using scripts like scripts/check-pr-feedback.sh, scripts/check-new-feedback.sh, and scripts/wait-for-reviews.sh (and SKILL.md mandates using these as the entry workflow), so the agent ingests untrusted third-party content that can influence its review/fix actions.