review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches user-generated GitHub PR review comments and reviews via the gh api calls in "Step 1: Collect Review Comments" (repos/{owner}/{repo}/pulls/{number}/comments and /reviews) and then reads and acts on those comment bodies as part of analysis, edits, and reply posting, so untrusted third-party content can influence agent actions.