read-only-gh-pr-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md steps 5–6 and the GitHub CLI mappings) explicitly instructs fetching and reading user-generated GitHub content (e.g., "gh pr view <PR_NUMBER> --comments", "gh api repos///issues/<PR_NUMBER>/comments", and "gh api repos/.../contents/") and local Read/Grep of PR code, so untrusted third-party PR text and comments are ingested and can materially influence review decisions.