codex-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests external, user-generated PR diffs via "Code mode" (Step 0: "ARGUMENTS 是 PR 編號 → gh pr diff 123") and then assembles that diff/code into the Codex prompt (Step 1 "將審查對象內容 ... 組裝成完整 prompt"), so untrusted third‑party content from GitHub can directly influence review verdicts and follow-up actions.