agent-swarm-pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill reads and processes user-generated GitHub pull request content (PR bodies, diffs, labels, files, and PR comments) and webhook payloads—public/untrusted third-party sources that the agent ingests and interprets as part of its workflow (e.g., gh pr view, gh pr diff, issue_comment handling, and webhook-handler.js).