java-code-reviewer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and read library source jars from public Maven Central (repo1.maven.org) and local Gradle caches (~/.gradle/caches), meaning it will ingest untrusted third-party package source code from the open web which can directly influence review decisions.