validate-changes-match-specs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). The skill reads “PR description, commit messages, branch names, repository files, review comments, and external validation artifacts” and also fetches PR review comments at runtime; those are outsider-authored free text (e.g., GitHub PR body/comments) that can be ingested into the agent’s LLM context via the PR/issue comment and description parsing paths.