review-context-hub

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to read repository instruction files (e.g., find and "Explain" CLAUDE.md / AGENTS.md / GEMINI.md in SKILL.md) and to query GitHub (gh repo view / gh api collaborators in reference/checklist.md), so it will ingest untrusted, user-generated repo and GitHub content that could contain instructions influencing subsequent decisions.