review-changes

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly instructs the agent to fetch and read user-generated content from third‑party sources—e.g., GitHub issues/PR descriptions via "gh issue view" and PR/issue text—which the agent is expected to interpret as requirements during the review, exposing it to untrusted external content.