review-security

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly fetches and reads repository diffs from a remote source (e.g., "git fetch origin ... && git diff origin/" in Step 1) and instructs an adversarial subagent to "Read the diff for this branch" (Step 4), so it consumes untrusted, user-generated repo content that the agent must interpret and that can materially influence actions.