git-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Phase 1b explicitly instructs fetching and reading GitHub issues/PRs via "gh issue view" / "gh pr view" (public, user-generated content) and uses that text to map requirements and drive review decisions, which exposes the agent to untrusted third-party content that could influence actions.