review-as

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's runtime workflow (SKILL.md Step 2) explicitly fetches and analyzes public GitHub PR diffs and metadata using commands like "gh pr diff" and "gh pr view" for PR URLs/numbers, meaning it ingests untrusted, user-generated third-party content and uses that content to drive review decisions.