cross-agent-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The workflow explicitly calls agentTool getPrInfo --fields files and reads per-file diffs and file contents from GitHub PRs (user-generated, public third-party content) and requires the agent to parse and act on that content during reviews and tagging, which could allow indirect prompt-injection from untrusted PR data.