review-security

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). review-security’s runtime workflow ingests the PR’s diff/touched files (via gh pr diff --name-only / git diff --name-only and then scanning those files’ contents), and those file contents are authored by PR contributors who are not necessarily the operating user—i.e., outsider-authored free text is read into the LLM context during per-file checklist/finding generation.