visual-explainer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests user-generated content from public GitHub PRs and commit/PR descriptions as part of its required workflow (e.g., the /diff-review and plan-review prompts and SKILL.md instruct running "gh pr diff" and to "read commit messages and PR descriptions" and to "reconstruct decision rationale"), and that untrusted text is used to drive verification, design decisions, and rendering, so it can materially influence the agent's actions.