comprehensive-code-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests user-generated PR metadata and text (e.g., "gh pr view {PR_NUMBER}" to populate {DESCRIPTION}/{PR_URL} and uses Jira/plan doc text as {PLAN_OR_REQUIREMENTS}) and then incorporates that content into sub-agent prompts and review decisions, so untrusted third-party content can directly influence agent behavior.