pr-retro

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch and analyze GitHub PR reviews and comments (user-generated content) using commands in Phase 3 (e.g., "gh pr view ... --json reviews --jq '.reviews[] | "\(.author.login): \(.body)"'" and "gh api repos///pulls//comments --jq '.[].body'"), so the agent will read untrusted third‑party content that can materially influence its analysis and subsequent actions.