pr-comment-analysis

Warn

Audited by Snyk on Feb 18, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's pr-comment-grabber.py explicitly fetches "ALL comments from a GitHub PR" (review and issue comments), and the analysis prompt/workflow requires the LLM to read and interpret that user-generated GitHub comment JSON; it also performs web research via mcp__exasearch__web_search_exa. The skill therefore clearly ingests untrusted third-party content from both public GitHub and the open web.
Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 18, 2026, 12:02 AM