pr-review-response

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill directly fetches and ingests user-generated content from public GitHub PR endpoints (e.g., gh api repos/{owner}/{repo}/pulls/{number}/comments, /reviews, and /issues/{number}/comments), so untrusted third-party PR comments and reviews could contain indirect prompt injections.