review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs in "Pass 1: Step 0" to "always fetch" ticket URLs found in PR descriptions (e.g., Jira/Linear/GitHub issue links), meaning the agent will retrieve and interpret user-generated third‑party ticket/webpage content that can directly affect review decisions.