code-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's MCP server (mcp-server/src/index.ts) explicitly calls the GitLab API endpoints (/projects/.../merge_requests/... and /changes) to fetch merge request titles, descriptions, and diffs—which are untrusted, user-generated content—and SKILL.md requires the agent to read and analyze that diff/description as part of its review workflow, so third-party content can materially influence the agent's decisions and actions.