product-review
Warn
Audited by Snyk on Mar 30, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill's Phase 0 Project Snapshot (SKILL.md) explicitly runs gh api calls to fetch GitHub repository data (and the pr-competitive-analysis agent docs instruct looking at package registries and GitHub "related repositories"), so untrusted, user-generated public content is ingested into .product-review/raw/snapshot.md and then read by downstream agents that use it to drive analysis and decisions.
Issues (1)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata