docs-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to read GitHub PR diffs and files (e.g., "gh pr diff ${PR_NUMBER}" and use "gh api" to post suggestions), which are user-generated, public GitHub content that the agent must interpret and can directly drive actions (comments or commits), so untrusted third-party content can influence behavior.