ah-review-code

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches PR metadata and diffs from GitHub (e.g., "gh pr view ${PR_NUMBER}" and "gh pr diff ${PR_NUMBER} > ${DIFF_FILE}" in Step 4) and then passes those untrusted, user-generated diffs to subagents for analysis and decision-making (Step 6), so third-party PR content can directly influence tool behavior and next actions.