pr-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests GitHub PR review and issue comments (see SKILL.md step 2 "Fetch PR details and review comments using gh CLI" and scripts/extract-pr-comments.js), which are untrusted, user-generated third‑party content that the agent parses and acts on to implement fixes, so third-party text could influence its actions.