code-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests user-generated repository/PR content — e.g., "Mode 3 — GitHub PR" runs gh pr diff <number> --name-only and the workflow reads diffs/full files and project docs like docs/CodeStyle.md (which override rules), so untrusted GitHub/repo content is loaded and can materially influence review decisions and tool behavior.