pull-request-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and ingests user-generated PR metadata and review comments from GitHub (see "Fetch PR metadata and comments" using gh pr view ... and gh api repos/.../pulls/.../comments in SKILL.md), which the agent reads and acts on when creating plans and making changes, so untrusted third-party content can influence behavior.