github-pr-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md workflow explicitly instructs the agent to "Analyze the code and identify important issues" and to operate on pull request content via the GitHub API / gh CLI (repos/{owner}/{repo}/pulls/{pr_number}), which means it will ingest user-generated PR code/comments from GitHub (an untrusted public source) and act on that content when composing reviews.