review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly includes "PR Review: /review PR #123 → Fetch PR diff, review changes", showing the agent fetches and ingests user-generated PR diffs (third-party content) which it reads and uses to drive review decisions, creating opportunity for indirect prompt injection.