repo-updater

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly queries GitHub for open issues and PRs and spawns AI review sessions that ingest and act on that user-generated content (see "ru review --plan" in SKILL.md and references/review-system.md), so untrusted third-party content can influence agent decisions and tool actions.