code-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md explicitly instructs the agent to fetch and read PR descriptions, linked issues, and existing GitHub review/comments (e.g., "Fetch existing discussions... gh api repos/{owner}/{repo}/pulls/{pr}/comments"), which are user-generated third-party content the agent will interpret and that can materially influence review actions and tool use.