code-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly requires fetching and reading PR descriptions, linked issues, and existing review comments (e.g., "Fetch the PR description, labels, linked issues, and author. Read linked issues in full" in Step 2), which are public user-generated GitHub content that the agent must interpret and which can materially influence its review actions.