gerrit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill directly queries Gerrit via SSH/CLI (see scripts/gerrit.py run_gerrit_query and cmd_changes_view) and the SKILL.md/references (common-workflows.md, advanced-usage.md) show it ingesting and displaying change data and user-generated review comments from the Gerrit server—which the agent reads as part of its workflow and can drive follow-up actions—so untrusted third-party content could indirectly inject instructions.