code-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow (e.g., references/supply-chain-security.md and the "Dependency Changes" / "Verification Process" sections in SKILL.md) explicitly instructs the reviewer to fetch and interpret public third‑party pages (PyPI/npm package pages, GitHub release pages, osv.dev/snyk, etc.) and use their contents to decide risk and merge actions, which exposes the agent to untrusted external content that can materially influence decisions.