reviewing-changes

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Step 1 explicitly instructs the agent to "Retrieve any additional information linked to the pull request using available tools (JIRA MCP, GitHub API)" (SKILL.md Step 1), which means the agent will fetch and interpret user-generated/public content from GitHub/JIRA that can materially influence review actions and tool use.