adversarial-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests untrusted diffs (e.g., via "gh pr diff ", git diffs, or arbitrary file contents) by substituting {{DIFF}} into reviewer prompts (prompts/reviewer-*.md and prompts/cross-review.md) so the agent will read and act on third-party/user-generated content, which can materially influence review decisions and tool use and thus enables indirect prompt injection risk.