frontend-code-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's required workflow explicitly fetches MR/PR metadata, full diffs, and repository files from GitHub/GitLab via the MCP (see SKILL.md steps "Fetch MR/PR metadata", "Fetch full diffs", and "MCP only"), which are untrusted, user-generated third‑party contents that the agent must read and act on as part of the review.