pr-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow (SKILL.md) instructs the agent to read GitHub PR bodies, commit messages, and diffs via gh pr view/list/diff (user-generated content) to discover task/spec refs and drive review actions, so untrusted third-party PR content can influence tool decisions and enable indirect prompt injection.