review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's "Obtaining the Diff" workflow explicitly fetches PR metadata, full PR diffs, PR title/description, linked issues and CI logs from external PRs (user-generated content) and the agent must read and act on that content to drive review decisions, so untrusted third-party content can influence its actions.