tenzir-review-changes

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs the agent to read PR descriptions, commit messages, linked issues and GitHub review comments (see "Process" steps 1–2 and the "GitHub pull requests" section), which are user-generated third-party content the agent ingests and uses to drive review decisions and replies, creating an indirect prompt-injection risk.