triage-pr-reviews

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly ingests user-generated GitHub PR review comments via the "gh pr-reviews ... --json" (and related "gh pr view") steps, and the agent is required to read and act on those comment bodies to classify and recommend actions, so untrusted third-party content can materially influence behavior.