pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). The workflow ingests the diff via git diff ... / git log ... (Phase 1), which is derived from the repository’s PR branch content; if that PR branch includes outsider-authored text (e.g., code/docs written by someone other than the operating user), that diff becomes LLM-readable context for the review subagents—an indirect prompt-injection vector.