pr-review-canvas

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill's Workflow (Step 1 in SKILL.md) explicitly fetches PR data, file patches, and comments from GitHub via gh api (public, user-generated content) and then instructs the agent to "read the diffs, understand the PR, and write" the HTML body, so untrusted PR descriptions/comments/patches can be interpreted and materially influence the agent's outputs and actions.