review-plan

Warn

Audited by Snyk on May 12, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). SKILL.md (step 3 and the Rules for external-specification investigation) explicitly requires spawning subagents to fetch and summarize public external documentation, major repositories and URLs ("reference source type, URL…official documentation, major repositories, community articles"). The agent must read this content and use it to influence review decisions, which exposes it to untrusted third‑party content.

Audit Metadata
Risk Level: MEDIUM
Analyzed: May 12, 2026, 06:55 PM
Issues: 1