miro-code-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests untrusted, user-generated PR/MR content and diffs from third-party forges (via gh/glab CLIs or REST curl calls) as part of its required workflow (see "Extract Changes" and "Post link back to PR/MR" in SKILL.md), and that content is used to drive analyses and edits which can materially affect subsequent actions.