code-review-ai-ai-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly checks out and analyzes pull request diffs from GitHub (GitHub Actions: on: pull_request and actions/checkout, plus CodeReviewOrchestrator.get_pr_diff and ai_review using the PR diff), meaning it ingests user-submitted PR code/content from potentially public/untrusted contributors into static-analysis outputs and LLM prompts, which could carry indirect prompt injection.