git

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.95). Outsider free text from GitHub PR conversation is ingested at runtime via scripts/pr-watch.py → fetch_snapshot() calling REST endpoints (pulls/{pr}/reviews, issues/{pr}/comments, pulls/{pr}/comments) and placing each item’s body into the LLM-visible rendered output (render_item() → snippet()), which the agent then uses for decisions/replies.