github-pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs agents to read GitHub pull requests, repository files (notably CLAUDE.md), previous PR comments, git blame/history and code comments via the gh commands in references/pr-review-orchestrator.md, which are untrusted user-generated sources that can materially influence review decisions and tool actions.