work-with-pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and parses untrusted, user-generated GitHub content (CI run logs via gh run view --log-failed and PR review bodies via gh api "repos/${REPO}/pulls/${PR_NUMBER}/reviews", including Cubic and human reviewer comments) and then uses those text contents to decide fixes, commits, and next actions—allowing indirect injection via crafted review/comments or log output.