create-mr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill fetches an MR diff from arbitrary GitLab merge requests using "ai-review get-context <MR_URL>" which writes to ~/.ai-review/mr-context.json and the agent is expected to read and interpret that untrusted, user-generated MR content to generate and post the MR description (Step 5), allowing third-party content to influence actions.