semi-formal-code-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Scope Discovery explicitly instructs the agent to "fetch the PR diff and summary from the available repo or platform tools" and the Exploration Protocol requires reading every file touched by the diff—i.e., ingesting PRs/patches which are untrusted, user-generated third-party content that the agent must interpret and which can materially influence its review decisions.