review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests user-generated GitHub PR data (e.g., "gh api repos/{owner}/{repo}/pulls/{number}/reviews", "gh pr view {number} --comments", and "gh pr diff {pr_number}") as part of the Feedback and GitHub PR workflows and then reads/evaluates those comments and may post replies, so untrusted third‑party content from GitHub can directly influence the agent's actions.