greploop

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and parses PR/MR/CL bodies, review notes, and inline comments from third-party sources (GitHub/GitLab/Perforce via commands like "gh pr view --json body", "gh api .../pulls/.../reviews", "glab api .../notes", and "p4 review -c") and uses that untrusted, user-generated content to decide code changes, resolve threads, and control the iterative loop, which could enable indirect prompt injection.