code-review-master

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to "Read the PR description, commit messages, and any linked issues" (SKILL.md Step 1) and includes scripts/pr-diff.sh that fetches PR metadata and diffs from GitHub via the gh CLI, so untrusted, user-generated PR descriptions/issue content from the public web will be ingested and can influence the agent's review decisions and next actions.