coding-router

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to load and review user-generated GitHub data (e.g., gh pr view, gh pr diff, gh pr checkout, and review commands) as required parts of the review/workflow (see references/reviews.md, references/WORKFLOW.md, and skills/coding-agent/SKILL.md), which exposes it to untrusted third-party PR/issue content that could indirectly inject instructions influencing decisions and actions.