agent-swarm-pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly ingests and acts on untrusted GitHub PR content — e.g., gh pr view/gh pr diff and the webhook-handler parsing github.event.comment.body and invoking npx ruv-swarm/github handle-comment — so arbitrary PR bodies/comments/diffs can directly influence agent behavior.