review-gitcode-pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow (SKILL.md "Collect Remote Context" and scripts/collect_pr_context.py) explicitly runs oh-gc pr:view, pr:diff, and pr:comments to fetch PR metadata, diffs, and user comments from GitCode (untrusted, user-generated third‑party content) which the agent is expected to read and use to generate findings and draft/submit review actions, enabling indirect prompt injection.