async-pr-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill fetches and ingests untrusted, user-generated GitHub content (e.g., scripts/async-review.sh performs "git fetch origin -f pull/$pr_number/..." and "gh pr diff > $log_dir/pr-diff.diff", and the GEMINI_CMD invocations explicitly tell the model to analyze that diff and CI logs), so third-party PR diffs and logs are read and used to drive agent analysis and actions.