review-chamber

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests PR discussion content and review findings (e.g., "Context (from PR discussion)", "sanctum:pr-review triggers capture", and examples like "/pr-review 42" and "Review posted to GitHub"), which are user-generated/untrusted third-party inputs the agent is expected to read and interpret.