code-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and read pull request data, comments, and repository CLAUDE.md files via the gh CLI (e.g., "gh pr view --comments" and steps 2–4), which are untrusted, user-generated third‑party contents the agent must interpret to decide review actions, enabling indirect prompt injection.