bug-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches user-submitted PR diffs and metadata from GitHub (see scripts/fetch-pr.sh using "gh pr diff" / "gh pr view") and feeds that untrusted, user-generated content into the review passes and independent validator (references/review-passes.md), which then drive posting comments and autofix edits—so third‑party content is read and can materially influence tool actions.