code-review-playbook

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's review workflow and scripts (e.g., scripts/review-pr.md, scripts/fetch-pr-data.sh and run-pr-checks.py referenced in SKILL.md) explicitly auto-fetch PR diffs, descriptions, and comments from GitHub via the gh CLI, meaning the agent ingests untrusted, user-generated third‑party content that can directly influence review actions and decisions.