synthesis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly calls VCS MCP actions that read PRs, reviews, and comments from the VCS provider (e.g., references/synthesis-steps.md Step 4 "check_coderabbit" which queries PR reviews, use of exarchos_orchestrate({ action: "list_prs" }), and the troubleshooting note that "Shepherd reads PR comments"), so it ingests untrusted user-generated PR/review/comment content that can directly change routing and merge decisions.