arinhub-submit-code-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and reads user-generated GitHub PR content (Step 2 gh pr view ... and Step 3 gh api repos/{owner}/{repo}/pulls/$PR_NUMBER/comments and reviews), and the agent uses that untrusted third-party content to deduplicate issues and decide/compose review actions, which could enable indirect prompt injection.