review-code

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly loads and trusts repository-provided instruction files (e.g., AGENTS.md, CLAUDE.md and any docs they import) as part of its required review workflow, which are user-authored/untrusted content that the agent must read and that can materially influence review decisions and actions.