gh-pr-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill directly fetches and parses user-generated GitHub content (PR descriptions, comments, and review threads) as shown by commands in SKILL.md such as "gh pr view --json ..." and "gh pr-review review view -R owner/repo --pr ", so untrusted third-party content could influence agent actions (e.g., merge/reply) and enable indirect prompt injection.