receiving-code-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow explicitly instructs the agent to read and act on code review feedback from external reviewers and to reply to GitHub PR comments via the gh API, meaning it ingests user-generated content from a third‑party platform (GitHub) that can materially influence decisions and actions.