user-story-reviewer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly uses the GitHub CLI (e.g., gh issue view, gh pr diff, gh pr checkout) to read PR bodies, linked Issues, and code hosted on public GitHub (user-generated) and then acts on that content to decide fixes, reviews, and merges, so untrusted third‑party content can influence its behavior.