docs-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's PR review mode explicitly fetches and reads GitHub pull request diffs using tools like mcp__github__get_pull_request_diff (and reviews arbitrary PR content), which ingests user-generated/untrusted content from third-party GitHub repositories and could enable indirect prompt injection.