pr-triage

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches PR bodies, diffs, and reviews from GitHub (see Phase 1 Data Gathering: gh pr list/gh pr view and Phase 2 Execution des Reviews where {body} and gh pr diff {num} are injected into the code-reviewer agent prompt), meaning untrusted, user-generated content from external contributors is read and directly used to drive agent decisions and posting actions.