pr-guardian

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's scripts (scripts/poll_pr_status.sh) call the GitHub CLI and API (gh pr checks and gh api "repos/.../pulls/.../comments") to read CodeRabbit and PR comment bodies and check statuses from a public, user-generated source, and those values (coderabbit_check and coderabbit_comments) are used by the workflow to decide whether to invoke fix actions such as /fix-review, so third-party content can materially influence agent decisions.