github-pull-request-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Phase 1 explicitly fetches and reads user-generated GitHub content (e.g., via "gh pr view --comments", "gh api .../pulls/{pr_number}/comments", "gh pr diff", and "gh issue view") and uses that content to inform review analysis and possible follow-up actions, meaning untrusted third‑party content can influence the agent's decisions.