zoe-validating-reviews

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly tells ZŌE to read and interpret PR reviews and review comments from GitHub (see "Validation Requirements" and "Using GitHub CLI" with gh pr view ... --json reviews/comments), which are user-generated/untrusted content that the agent must use to decide whether to merge, allowing indirect prompt injection.