review-renovate

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and parse GitHub PR metadata, diffs, PR bodies (release notes/changelogs), and workflow files via the gh CLI—these are untrusted, user-generated third-party contents that the agent must read and use to decide approval, allowing indirect prompt-injection influence.