blast-radius

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to fetch and read PR diffs and associated PR descriptions/commit messages and linked tickets (e.g., "gh pr diff " and "Also read: PR description / commit messages for stated intent"), which are user-generated third‑party content that the agent interprets to frame its analysis and could therefore carry indirect prompt-injection instructions.