squad-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill injects GitHub PR metadata into every reviewer's prompt via the pre-gathered context (Open PR metadata: !\gh pr view --json title,body,comments``), which pulls user-generated PR title/body/comments (untrusted third-party content) that the agent is required to read and can influence reviewer decisions.