github-review-workflow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's exporter (scripts/export_github_review_comments.py using a GitHub GraphQL query) fetches arbitrary PR reviewThreads and comments from external GitHub repositories and the SKILL.md / references/SOP.md explicitly instruct agents to read those exported, user-generated review items and act on them (dispatch workers, edit code, and use scripts/post_github_review_followup.py to post replies), so untrusted third‑party content can materially influence agent actions.