review-security-issue

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches user-generated GitHub issue bodies and comments using gh issue view (Step 1/Step 2) and passes the issue title/body/comments to a sub-agent (principal-engineer-reviewer) for analysis and decision-making, so public/untrusted GitHub content could inject instructions that materially influence the agent's actions.