review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow explicitly fetches and ingests GitHub PR metadata (e.g., "Fetch PR metadata: gh pr view --json title,body,files,baseRefName" in SKILL.md), which is user-generated third-party content that the agent reads and uses to determine review targets and drive agent actions.