gh-pr-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches PR metadata, diffs, and changed files from public GitHub using commands like gh pr view, gh pr diff, and the API call repos/<owner>/<repo>/pulls/<number>/files, which are untrusted, user-generated third-party contents that the agent is required to read and that could materially influence subsequent review actions.