crit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md Steps 2–4) makes the agent run crit, read the produced review file (e.g., "Review comments are in /path/to/review.json") and act on unresolved, user-authored review comments (and crit also supports reviewing live/staging URLs and shared reviews), so arbitrary third-party reviewer content can be ingested and directly drive edits and tool actions.