cross-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). At runtime, the required Strata A/B/C workflow ingests the PR diff (via git diff $DIFF_BASE...HEAD into a patch file and then passed as an attachment to Codex/subagent, and also read by composed review skills), and that diff is outsider-authored free text from other contributors’ PRs.