shepherd

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly reads and interprets user-generated PR review comments via the GitHub MCP endpoints (see "Reading Comments" in references/fix-strategies.md and Step 2 / assess/classify action usage in SKILL.md), and uses those raw comments to decide fixes, replies, and subsequent tooling actions, so untrusted third-party content can influence agent behavior.