review-pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and reads GitHub PR review comments (see "Fetch Review Comments" with the gh api repos/{owner}/{repo}/pulls/{number}/comments call and uses each comment's body), which are untrusted, user-generated third-party content the agent must interpret — enabling indirect prompt injection.