bmad-code-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The workflow explicitly resolves PR references via gh pr view and accepts user-provided diffs (Step 1: "PR reference → resolve to branch/commit via gh pr view" and "provided diff or file list"), then feeds those diffs into review subagents (Step 2: Blind Hunter/Edge Case Hunter/Acceptance Auditor) whose findings drive automated actions (including applying patches in Step 4), so untrusted user-generated third-party content (e.g., GitHub PRs or pasted diffs) is ingested and can materially influence decisions and tool use.