github-pr-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and parses GitHub PR comments and review bodies via gh api (e.g., repos/$REPO/pulls/$PR/comments and repos/$REPO/pulls/$PR/reviews) — untrusted, user-generated review text that the agent reads and uses to classify severity and drive fixes/replies, so it can contain instructions that influence tool actions.