datahub-connector-pr-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md and command docs explicitly fetch and ingest untrusted public GitHub PR content and comments (e.g., "gh pr diff "${PR_NUMBER}" --name-only" and "gh pr view "${PR_NUMBER}" --comments" in the PR/Incremental Review workflows) and also permit WebSearch/WebFetch for documentation lookups, so the agent will read and act on arbitrary third‑party/user‑generated content as part of its workflow (even though the skill prescribes trust-disclaimer mitigations).