parallel-code-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly allows pasting a PR link and having the main agent list changed files from the branch ("Or paste the PR link and let the main agent list changed files from the branch"), which means the agent will fetch and read untrusted, user-generated code/PR content from external repositories and use it to drive review findings and follow-up actions.