review-pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and normalizes user-generated PR/MR comments from GitHub/GitLab (see scripts/fetch_review_comments.sh and the SKILL.md steps that pull "remote review comments" and pass "approved comment categories plus their pulled comment content" to subagents and the review workflow), so untrusted third-party content can directly influence validation, planning, and tool actions.