triage-pr-reviews

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly runs gh pr-reviews and gh pr view to fetch unresolved PR comments and thread replies from GitHub (user-generated, potentially untrusted content) and reads/uses those comment bodies to classify issues and decide/execute code fixes and queued actions, so arbitrary comment text could influence agent behavior.