pr-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill accepts arbitrary GitHub PR URLs and explicitly queries the GitHub GraphQL API to fetch reviewThreads and comments (comments.nodes[].body) from PRs—untrusted, user-generated content that the agent reads and acts on—exposing it to possible indirect prompt injection.