pr-review
Warn
Audited by Snyk on Mar 6, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests user-generated PR/MR descriptions, commit messages and diffs via gh/glab commands (see "Phase 1: PR/MR description" and "Phase 2: Gather Changes" in SKILL.md) and uses that content to establish scope, make review decisions, create issues, and trigger knowledge-capture, so untrusted third-party text can materially influence tool actions and next steps.
Audit Metadata