coderabbit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Workflow and references explicitly fetch and parse GitHub PR review threads and review bodies via GraphQL and REST (see "Fetch CodeRabbit Review Threads" in Workflow step 2 and references/graphql-queries.md, plus reading code at referenced file/line in step 4), which ingests user-generated, untrusted PR comments and code that the agent must interpret and act on — allowing indirect prompt injection.