code-review-playbook

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md and the included scripts like scripts/review-pr.md and scripts/fetch-pr-data.sh / scripts/run-pr-checks.py) explicitly auto-fetches GitHub PR titles, descriptions, diffs, and comments (user-generated, public/private) via the gh CLI and the agent is instructed to read and act on that content as part of the review process, which exposes it to untrusted third‑party input that could carry indirect prompt-injection instructions.