review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and reads GitHub PR comments via the gh API (see Step 2.5 and greptile-triage.md: gh api repos/$REPO/pulls/$PR_NUMBER/comments and issues/$PR_NUMBER/comments) and uses those comment bodies to classify findings and drive replies/actions, so untrusted third-party PR comment content can materially influence agent decisions.