git-pr-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests public, user-generated GitHub content (PR pages, diffs, review comments, CI status) — e.g., SKILL.md step "只读获取 PR 证据" and config.yaml/read_only_sources listing "GitHub web pages / GitHub API / .diff / .patch" — and uses those materials as core evidence to drive merge recommendations, so untrusted third‑party content can influence agent decisions.