post-implementation-reviewer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly requires the GitHub CLI and instructs the agent to list and review GitHub issues and PRs (e.g., gh issue list and verifying PRs that closed issues), meaning it ingests user-generated GitHub content that could contain untrusted instructions influencing decisions and actions.