review-ci
Warn
Audited by Snyk on Mar 5, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs the agent to fetch and read GitHub Pull Request data, action run logs, and PR diffs using commands like `gh pr checks`, `gh run view`, and `{{PR_URL}}.diff`. These sources are third-party, user-generated content (public GitHub PRs/logs) that the agent will parse and act on, which creates indirect prompt-injection risk.
Audit Metadata