pr-review-expert

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required Review Workflow (Step 1) explicitly instructs fetching PR metadata and full diffs via "gh pr view" and "gh pr diff" from GitHub/GitLab — user-generated PR content on public/open repositories which the agent reads and acts on, so untrusted third-party content can influence subsequent analysis and decisions.