code-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and ingests untrusted, user-generated content from public GitHub PRs, comments and diffs (see SKILL.md gh API/gh pr examples) and navigates public preview URLs to capture screenshots (scripts/capture-screenshots.js using Playwright), and it uses that content to drive review decisions and post GitHub suggestions/commits, so third-party content can materially influence agent actions.