differential-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly accepts a PR URL or commit SHA and its workflow (commands/diff-review.md and methodology.md) instructs using git/gh (e.g., "gh pr view", "git checkout", "git diff") and invoking audit-context-building to read and analyze public PRs/commits (user-generated code) which the agent must interpret to drive decision-making and actions, exposing it to untrusted third-party content.