swe-pr-reviewer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly fetches MR/PR details, diffs, review threads, and linked issues from GitHub/GitLab (user-generated, third-party content) and directs the agent to read/interpret that content to draft and submit review comments, so those external pages could contain instructions that materially influence the agent's actions.