code-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's workflow explicitly reads external pull request diffs and repository content (e.g., "gh pr diff ", "git diff", "git show") which can ingest untrusted, user-generated code/PR text from third-party GitHub repos that the agent is expected to interpret and use to drive review decisions.