review-documentation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow Step 1 ("Retrieve the PR Diff" using commands like gh pr diff <PR_NUMBER_OR_URL>) instructs the agent to fetch and read GitHub pull request diffs—user-generated third-party content—which the agent then must interpret to make review decisions, creating a clear avenue for indirect prompt injection via PR text or file contents.