code-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Workflow (Steps 2 and 4 in SKILL.md) explicitly fetches PR/MR/Gerrit change metadata, CI status, and diffs from GitHub/GitLab/Gerrit—untrusted, user-generated third‑party content—which the agent is expected to read and use to make review decisions and optionally post comments (approve/request changes).