codereview-orchestrator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches PR diffs from GitHub (see "Retrieve the PR diff via GitHub API" and the Phase 1 step using skill: retrieve-diff-from-github-pr), which are untrusted, user-generated third-party contents that the orchestrator reads and uses to triage, select specialist skills, and drive review/submit actions, allowing indirect instructions to influence behavior.