learn-from-code-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow (SKILL.md Step 2: "Fetch Review Comments" with gh api repos/{owner}/{repo}/pulls/{pr_number}/comments and /reviews) explicitly ingests user-generated GitHub PR review comments (untrusted third-party content) and the agent analyzes them to decide on patterns and create draft PRs, so those comments could indirectly inject instructions affecting the agent's actions.