ship-pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's optional CodeRabbit integration (operating-loop step 7 and references/coderabbit-watch.md) tells the agent to run compozy reviews watch, which polls an external review provider (CodeRabbit), materialises reviewer comment rounds into .compozy/tasks/<slug>/reviews-NNN/, and then spawns/follows automated fix runs that can auto-commit and push—i.e., it ingests untrusted, user-generated third-party review content that can directly drive tool actions.