ah-review-code

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches remote PR metadata and diffs using gh pr view and gh pr diff and may gh pr checkout (Steps 2 and 4), writing a shared DIFF_FILE that subagents are required to read and use to decide HAS_REACT, which subagents to launch, and subsequent actions, thereby ingesting untrusted user-generated PR content that can influence tool use.