receiving-code-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests and acts on user-generated PR review comments (e.g., "Compare the current diff against prior review threads (gh api repos/{owner}/{repo}/pulls/{pr}/comments)" in SKILL.md and "gather all unresolved review comments from the PR" in references/headless-mode.md), which are untrusted third-party content that the agent reads and uses to decide fixes/next actions.