fusion-dependency-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs fetching and reading existing top-level PR comments and review threads from GitHub (see agents/research-advisor.md and references/instructions.md: "fetch existing top-level PR comments and review threads through GitHub MCP") and then uses that untrusted, user-generated content to drive security, quality, impact analyses and the final verdict, which could allow indirect prompt injection.