gh-cli-flow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's PR review workflow in SKILL.md and references/pr-comment-workflow.md explicitly instructs the agent to fetch and read GitHub review threads and PR comments via gh api/GraphQL (e.g., gh api graphql ... reviewThreads, gh api repos/{owner}/{repo}/pulls/{pr}/comments), which are user-generated, third-party content the agent is expected to interpret and act on (reply/resolve/fix), enabling indirect prompt injection.