code-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Flagged: the mandatory workflow calls out scripts/fetch_review_comments.py which uses the GitHub API/GraphQL to fetch user-generated PR review threads into code-review/.../comments/review-comments.json, and those comment bodies are parsed by scripts/update_comment_status.py (e.g., infer_manual_tech_override) and other steps to change status/recommendations that materially affect review decisions.