code-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). SKILL.md's "Gather the diff" step explicitly instructs fetching a diff from a GitHub PR URL, which is untrusted, user-generated third‑party content the agent will read and act on as part of its review, enabling indirect prompt injection.