pr-reviewer
Warn
Audited by Snyk on Feb 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's fetch_pr_data.py and its gh CLI usage explicitly pull public GitHub PR data (diffs, comments, commits, related issues), that is, user-generated, untrusted third-party content. The workflow's Generate and Read steps then require the agent to read and analyze the resulting files (SUMMARY.txt, diff.patch, comments.json), creating a clear path for indirect prompt injection via PR text or comments.
Audit Metadata