gerrit-review

Warn

Audited by Snyk on Mar 5, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's helper script (scripts/gerrit_api.sh) and SKILL.md explicitly call the Gerrit REST API at the configured GERRIT_URL (endpoints like /a/changes/, /files/.../diff, /files/.../content) to fetch change details, diffs, file contents and review comments. All of this is user-generated, untrusted content from an arbitrary Gerrit instance that the agent parses and can use to decide on and perform actions (post reviews, submit/abandon changes).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 5, 2026, 11:45 AM