code-review-ai-ai-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly checks out repository code and reads pull request diffs via GitHub Actions and the GitHub API (e.g., actions/checkout, get_pr_diff, and the ai_review prompt) and feeds that untrusted, user-generated code and static-analysis output directly into LLM prompts, exposing the agent to indirect prompt injection risk.