pr-review-handler

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and reads PR reviews and line-comments from GitHub (see SKILL.md "Fetch PR Information" gh commands and the examples in references/examples.md), which are untrusted, user-generated third-party content that the agent is instructed to interpret and act upon (e.g., change code, run tools, and post replies), creating a clear avenue for indirect prompt injection.