code-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md workflow and scripts explicitly fetch and analyze untrusted, user-generated content—e.g., GitHub PR data via "gh pr view/gh pr diff" and arbitrary preview URLs (https://{branch}--{repo}--{owner}.aem.page/…) and Playwright screenshots in scripts/capture-screenshots.js—meaning the agent reads and acts on third-party page/PR content that could influence review actions.