pr-report

Warn

Audited by Snyk on Mar 10, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's workflow explicitly references using the GitHub PR page and "contributor intent... documented in PR text or design docs" (SKILL.md, "Acquire and frame the target" section), indicating the agent may read public PR pages or docs (untrusted third-party content) as part of its review and those texts could materially influence recommendations and actions.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 10, 2026, 07:57 AM