coderabbit-sdk-patterns

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly fetches PR reviews and review comments via the GitHub API (e.g., octokit.pulls.listReviews and pulls.listReviewComments in "Step 1" and "Step 2" of SKILL.md) and reads the comment bodies from coderabbitai[bot], which are third‑party/user-generated content that the scripts and CI gate use to categorize severity and to block/allow merges, so external content can influence actions.