babysit-pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and consumes user-generated GitHub content (issue comments, inline review comments, and review submissions via gh api in scripts/gh_pr_watch.py / fetch_new_review_items and the comment endpoints) and uses those review bodies to decide actions like "process_review_comment" and to patch/commit code (see references/workflow.md and SKILL.md), so untrusted third-party content can materially influence agent behavior.