review-pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and inspects GitHub PR content (e.g., via "gh pr view ... --json", "gh pr diff ", and "git fetch origin pull//head:pr-") and uses the PR body, files, and diffs (user-generated, potentially public) as core inputs that will influence review decisions and next actions.