performance-testing-review-ai-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill checks out and ingests GitHub pull request diffs and repository files in its CI/CD workflow (see the GitHub Actions checkout step and CodeReviewOrchestrator.ai_review which injects the PR diff and static analysis into an LLM prompt), so untrusted, user-generated PR content can be read by the model and materially influence automated review actions.