ln-162-skill-reviewer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md + references/agent_review_workflow.md and references/agents/prompt_templates/review_base.md) launches external advisor agents via references/agents/agent_runner.mjs that "have internet access", are instructed to "Search the web" and to read Linear/MCP URLs, and the host is expected to read and act on those agent-produced results—clearly ingesting and acting on untrusted third‑party (web/MCP) content.