code-review-orchestrator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly accepts MR/PR numbers or URLs and repository URLs (Step 1 "Review Sources" and code-context.json examples like "git@gitlab.com:group/project.git") and then collects diffs/commits and project files (Step 3), meaning the agent will fetch and read arbitrary repository content (user-generated/untrusted) as part of its workflow.