vmr-codeflow-status

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's PowerShell script (scripts/Get-CodeflowStatus.ps1) explicitly calls the GitHub CLI / GitHub API to fetch PR bodies, comments, commits and timelines (user-generated public content) and resolves aka.ms/ci.dot.net redirects, then emits a [CODEFLOW_SUMMARY] JSON which the agent is instructed to read and use to generate actionable darc commands and recommendations—so untrusted third-party content directly influences agent decisions.