code-reviewer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches public PR diffs via gh pr diff (see SKILL.md "PR URL or owner/repo#N") and the cross-model flow (references/cross-model-handoff.md and scripts/invoke-cli.mjs) concatenates and sends those untrusted diff/file contents verbatim to external AI CLIs, so user-generated PR/web content can carry instructions that materially influence the agent's tool invocations and outputs.