swift-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs the agent to review pull requests and diffs (e.g., "Review this PR / PR URL | gh pr diff " and "When reviewing diffs, always read surrounding context"), which requires fetching and interpreting user-generated GitHub PR content (an untrusted public source) as part of its workflow, so third-party content could influence the agent's decisions.