review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The workflow reads outsider-authored free text from the PR description via gh pr view --json body --jq .body (PR body is written by someone other than the operating user), and that text is then used to derive “stated intent” and drive LLM review output—indirect prompt-injection risk.