pr-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly requires reading GitHub PR comments ("gh pr view --comments") and extracting a user-provided "审查截止: {sha}" commit SHA from those comments to compute diffs and drive the incremental review, so untrusted, user-generated content can influence agent decisions and actions.