help-me-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The required workflow explicitly fetches PR diffs with "gh pr diff <PR_NUMBER>" (SKILL.md step 1) and then instructs the agent to read $REVIEW_DIR/blocks/index.md and source files (step 3) — meaning it ingests user-generated GitHub PR/diff content (third‑party) that the model must interpret and that can materially influence its review actions and generated comments.