code-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly runs a final code review "on a pull request" and instructs subagents to "review code" (SKILL.md), which means it ingests user-generated PR code/comments (third-party content) that could contain malicious instructions and influence subagent decisions.