writing-checks

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly allows the agent to "use a browser to visit URLs" and to use the GitHub CLI to read PR metadata, comments, and linked issues, which exposes it to arbitrary web pages and user-generated GitHub content that the agent will read and interpret during reviews.