jules-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches GitHub pull request data (using gh pr view and gh pr diff) and feeds the PR body and diff — untrusted, user-generated content from public GitHub repos — into the council workflow (SKILL.md Step 2 and Step 5 and references/WORKFLOW.md), which the agent reads and uses to decide actions and to post reviews.