pr-feedback

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and interprets untrusted, user-generated GitHub content (e.g., inline review threads from "gh pr view --json reviewThreads" and conversation comments from "gh api repos/{owner}/{repo}/issues//comments") and uses those bodies to classify priorities and drive the agent's action plan, which could allow indirect prompt injection.