oh-notes

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches user-generated PR review comments via GitHub commands ("gh pr view ... --json comments,reviews" and "gh api repos/{owner}/{repo}/pulls//comments") and requires the agent to read and act on those comments (Step 4–5) to make code changes, create issues, and push commits, so untrusted third‑party content can directly influence actions.