ah-submit-code-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md explicitly instructs the agent to fetch and parse PR metadata, PR body, files, diffs, and existing review comments using commands like gh pr view and gh api (GitHub PRs and comments are user-generated, potentially public third‑party content) and then uses that content to decide deduplication, build review comments, and submit actions, so untrusted content can materially influence the agent's behavior.