code-reviewer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly integrates with GitHub/GitLab (e.g., "GitHub/GitLab: PR Comments as auto-post" and the .github/workflows CI example that runs claude-code review --pr), meaning the agent will fetch and read user-generated PR/repository content from third-party sources that can be public and untrusted.