coding-router

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs agents to fetch and review GitHub PRs and diffs (e.g., references/WORKFLOW.md, references/reviews.md, README.md, and skills/coding-agent/SKILL.md) using commands like gh pr view, gh pr diff, and codex review, which are untrusted, user-generated third-party contents the agent is expected to read and act upon.