ghwf4-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to "Fetch Issue/PR with comments" using gh (gh issue view --json body,comments and gh pr view --json comments,reviews), which causes the agent to ingest user-generated GitHub issue/PR content that it must interpret and that can change review outcomes and follow-up actions (commits, PR updates, labels).