ln-316-review-refinement-worker

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly launches external advisor agents that "have internet access" and are instructed to read Linear URLs and perform web research (see references/agent_delegation_pattern.md "Agents have internet access — they can read Linear directly" and references/agents/prompt_templates/review_base.md "Search the web"), and the host reads and acts on those agent-produced reports as part of the refinement/merge workflow, so untrusted third‑party content can materially influence decisions.