pr-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and ingests GitHub PR review and issue comments (user-generated, potentially untrusted) via the gh CLI (see Process step 2 in SKILL.md: "Fetch PR details and review comments using gh CLI") and the scripts/extract-pr-comments.js which reads/parses review and issue comment JSON files, so the agent will read and act on third‑party content.