writing-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required Workflow (fn gatherContext) explicitly runs commands like "gh pr diff $target" (and other git diffs) to fetch PR diffs / code from GitHub or remote repos — i.e., arbitrary user-generated content — which the agent is expected to read and interpret to drive review decisions and tool actions, creating a clear vector for indirect prompt injection.