flow-next-opencode-plan-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill sends review prompts to external reviewer backends (RepoPrompt via $FLOWCTL rp chat-send and OpenCode via $FLOWCTL opencode plan-review) and explicitly instructs the agent to read and parse the reviewer responses (including the RepoPrompt <file_contents> section) to extract verdicts and issues that drive fixes and follow-up actions, so untrusted third-party content directly influences decisions (see workflow.md Phase 3 and SKILL.md OpenCode/RepoPrompt sections).