pull-request-feedback-loop

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Process step 2 explicitly instructs the agent to fetch PR review comments and threads from GitHub via "gh pr view --comments" and "gh api", meaning it ingests user-generated, untrusted review text that the agent will read and act on (code changes and replies), so third-party content can influence behavior.