process-pr-reviews

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches GitHub PR review comments and reviews via gh api (e.g., repos///pulls/<pr_number>/comments and /reviews), which are user-generated, untrusted third-party contents that the agent is instructed to extract and use to triage and resolve review conversations, so such content could materially influence decisions and tool actions.