review-pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill fetches and reads arbitrary PR data (e.g., via "gh pr diff $PR --repo $REPO" and "gh pr view ... --json comments --jq '.comments[].body'") including PR body, diffs, and user comments from third-party repos, and uses that untrusted, user-generated content to produce findings and decide next actions, so it can be influenced by injected instructions.