datahub-connector-pr-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to fetch and analyze GitHub PR comments and diffs (e.g., using gh pr view / gh api and the datahub-skills:comment-resolution-checker task in SKILL.md and commands/comprehensive-review.md), which are untrusted, user-generated third‑party contents that the agent must read and act on as part of its required workflow, allowing indirect prompt injection risk.