coderabbit-observability

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly fetches and parses user-generated content from GitHub (using gh api calls in "Step 1" and "Step 2" and GitHub REST usage in the GitHub Actions in "Step 3" and "Step 4") — it reads PR reviews and comments (untrusted third-party/user-generated content) and uses those results to drive alerts, dashboards, and decisions, which could be influenced by injected instructions in that content.