review-cloud

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and ingests user-generated GitHub content (reviews, inline review comments, PR discussion and check results) via scripts/fetch-pr-feedback.sh and GitHub API calls (see SKILL.md Stage 1 and scripts/fetch-pr-feedback.sh), and the agent is required to read and act on that content (assess suggestions, implement fixes, resolve threads), so untrusted third-party inputs can materially influence tool use and decisions.