github-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly requires running ghx/collect (see SKILL.md and references/SCRIPTS.md and scripts/collect.sh) to fetch PR artifacts such as pr.diff, files.json, review_threads.json, and comments.json from GitHub (public/user-generated content) which the agent is expected to read and use to generate reviews, so untrusted third‑party content can directly influence its decisions.