guardian

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). Yes — the SKILL's SURVEY phase explicitly requires inspecting diffs, commits, affected files and PR review context (e.g., "SURVEY: Inspect diff, commits, affected files, branch state, review context" and examples like gh pr view --json files in git-recipes), which means the agent reads user-generated/untrusted PRs and repo content that can directly influence routing, handoffs and actions, exposing it to indirect prompt-injection risk.