visual-explainer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflows (e.g., commands/diff-review.md and plan-review.md) explicitly instruct the agent to run gh/ git commands such as "gh pr diff 42", read PR descriptions, commit messages, and changed files from remote repositories (Git/GitHub) and use those texts to generate reviews/decisions, which means it ingests untrusted, user-generated third‑party content that can materially influence subsequent actions.