review-mr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill reads and interprets user-generated repository/PR content as part of its workflow (notably via "gh pr view " and git diff/git log operations against remote branches), which can pull untrusted third-party content (PR descriptions, comments, and code) from GitHub or other remotes.