pr-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Tier 2 workflow explicitly runs "gh pr view {number}" and "gh pr diff {number}" to fetch and read GitHub pull request content (user-generated, public third-party data) and then uses that content to drive review decisions and actions, exposing the agent to untrusted third-party instructions.