reviewing-changes

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to "Retrieve any additional information linked to the pull request using available tools (JIRA MCP, GitHub API)" (SKILL.md Step 1), meaning it will ingest user-generated PR/issue content from GitHub/JIRA which is untrusted and read as part of its workflow.