code-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The skill’s required workflow is a code review of a provided PR/branch diff; it explicitly treats “PR descriptions, comments, and issue text” as untrusted third-party content, which are outsider-authored free text that can be ingested into the agent’s LLM context at runtime via the PR/issue text inputs.