performing-multi-agent-code-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches PR title and description from GitHub in PR mode via gh pr view (Step 1 / Modes → PR mode) and passes that user-generated PR text into subagent prompts (e.g., Context Partitioning / Step 3 gives the PR title/description to Agent 3), meaning untrusted third-party content is read and can influence agent decisions and actions.