review-changes

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly requires reading GitHub PR descriptions, commit messages, linked issues and review threads (see SKILL.md step 1 and references/github-review-threads.md), which are untrusted, user-generated third‑party content that the agent is expected to interpret and that can materially change review actions (including replies or automated gh api calls).