review-gate

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill queries and parses GitHub issue comments via the gh API ("/repos/$REPO/issues/$ISSUE_NUMBER/comments") to extract the REVIEW_BODY and related fields, which are user-generated, untrusted third-party content that the agent directly reads and interprets, enabling indirect prompt injection.