pr-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The workflow (WORKFLOW.md Task 3 and Task 4) explicitly reads PR diffs and all changed files (untrusted, user-generated content from GitHub PRs) and passes them into parallel sub-agents whose outputs drive automated actions (including auto-fixes and updating the PR title/body in Task 7A), so external PR content can materially influence agent decisions and tool use.