review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's "Gather Context" step in SKILL.md explicitly instructs running gh pr view $ARGUMENTS --json files,body to fetch PR files and body from GitHub (user-generated, public third-party content) which the agent will read and use to drive its review decisions, creating a clear avenue for indirect prompt injection.