github-pr-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill automatically fetches and analyzes arbitrary GitHub pull requests and diffs (e.g., via "User provides a GitHub PR URL" and commands like gh pr view / gh pr diff and GitHub API calls), which are public, user-generated third-party content that the agent reads and interprets as part of its workflow, enabling indirect prompt injection risk.