review
Warn
Audited by Snyk on Mar 4, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests user-generated GitHub PR content (reviews, inline review comments, review threads, and CI logs) via scripts (scripts/fetch-pr-feedback.sh and scripts/investigate-ci-failures.sh), and the SKILL.md workflow requires the agent to read/assess that content and act on it (implement fixes, resolve threads, push changes), so untrusted third-party comments could materially influence tool use and actions.