aiden-review-pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's mandatory workflow (SKILL.md) instructs the agent to fetch and read untrusted, user-generated GitHub content—e.g., calling mcp__aiden__github_get_pr_diff, mcp__aiden__github_list_pr_comments, mcp__aiden__github_list_pr_reviews, and reading source files—which the agent must interpret and use to decide and post reviews, so third-party content can materially influence actions.