api-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow (Step 1 in SKILL.md) explicitly fetches and parses PR diffs from the dotnet/aspire GitHub repository using commands like "gh pr diff <PR_NUMBER> --repo dotnet/aspire" — these diffs are user-contributed, untrusted content that the agent must read and interpret to decide review findings and post comments, so they could carry indirect prompt-injection payloads.