ah-submit-code-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests user-generated GitHub content (PR metadata and diffs via "gh pr view", existing review comments via "gh api repos/.../pulls/.../comments", and pr diffs via "gh pr diff") and uses that untrusted third-party content to decide which review comments to post, so malicious PR text or comments could influence the agent's actions.