gh-review-requests

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly runs scripts and gh API calls (scripts/fetch_review_requests.py and the fallback gh api notifications / gh api repos/{repo}/pulls/... steps) to fetch GitHub notifications and PR metadata — user-generated, public content that the agent ingests and uses to decide which PRs to surface, so untrusted third-party content could indirectly inject instructions.