pr-review-expert

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow explicitly ingests user-generated PR data from GitHub/GitLab (e.g., "gh pr view $PR --json" and "gh pr diff $PR > /tmp/pr-$PR.diff" in SKILL.md) and pipes those diffs into analysis scripts (diff_analyzer.py, blast_radius_calculator.py) whose outputs drive review decisions, so untrusted third‑party PR/content can materially influence the agent's actions.