review-loop

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and parses PR comments, review bodies, and review threads from GitHub via commands like "gh api repos/{owner}/{repo}/issues/<PR_NUMBER>/comments --paginate" and GraphQL queries (Phase 2 B/C), and it reads reviewer-written comment bodies and suggestion blocks to decide fixes and apply code changes, which exposes the agent to untrusted, user-generated third-party content that can change its actions.