code-review-assistant

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill ingests and reviews the "diff" / pull request content (user-provided git diffs and PR content), which is untrusted user-generated third-party input that the agent reads and interprets as part of its workflow, allowing indirect prompt injection via code/comments/strings.