code-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill ingests untrusted, user-generated code and PR diffs (e.g., git diff origin/${{ github.base_ref }}...HEAD > diff.txt and the changed-files outputs used in the GitHub Actions workflows and CLI invocations that embed $(cat diff.txt) or staged file lists) and feeds that content directly to LLM review engines, which could allow indirect prompt injection.