arinhub-code-reviewer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and checks out remote GitHub PR content (see Step 4: gh pr view, gh pr diff, gh pr checkout) and writes a DIFF_FILE that subagents read in Step 6, so untrusted, user-generated PR/diff content from third-party repos is ingested and directly influences decisions (e.g., HAS_REACT and which subagents/tools to run).