review-code

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md Steps 2 and 4) instructs the agent to run gh pr diff <number> / gh pr view <number> and to read full files and PR diffs, which ingests user-generated GitHub PR content (third-party/untrusted) that can influence its review actions.