skill-code-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill mandates a Pre-Review "scope drift" check (which compares diffs against the "stated intent") and includes explicit GitHub CLI steps (gh pr list / gh pr comment) to detect/post to PRs, meaning it will ingest and act on user-generated PR descriptions/comments from GitHub (untrusted third-party content) that are incorporated into the review synthesis and posting workflow, enabling indirect prompt injection risk.