software-architect

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Review Mode explicitly instructs the agent to "GATHER PR diff, related files, linked issues (gh pr view, gh pr diff)" (SKILL.md Review Mode), which requires fetching and interpreting user-generated GitHub PR/issue content that could contain untrusted instructions influencing review decisions and subsequent actions.