github-pr-inline-reply

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's SKILL.md explicitly instructs the agent to fetch and read PR review comments from GitHub using endpoints like "gh api repos/{owner}/{repo}/pulls/{pull_number}/comments", which are untrusted, user-generated third-party content that could contain instructions influencing replies or subsequent actions.