pr-49-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md explicitly instructs the agent to run "gh pr view 49 --json ..." and "gh pr diff 49" to fetch PR metadata and diffs from GitHub (public, user-generated content) which the agent is expected to read and use to decide review actions, so untrusted third‑party content could indirectly inject instructions.