code-review-ai-ai-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly checks out and ingests GitHub pull request diffs and repository files (see the GitHub Actions checkout step and the CodeReviewOrchestrator.ai_review which takes a PR diff and static analysis results and embeds them in LLM prompts to Anthropic), so it consumes untrusted, user-generated PR code that can materially influence model-driven review actions.