autonomous-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly reads ALL issue comments for "Requirement Drift" and extracts a preview URL from PR comments which it then navigates to via Chrome DevTools MCP for E2E verification (see SKILL.md "Requirement Drift Detection" and "E2E Verification" sections), meaning it ingests and acts on arbitrary, user-provided third-party content.