review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly reads repository files and PR content from third-party repos (Phase 0: "CLAUDE.md を Read", "gh pr view <PR_NUMBER> --repo --json ..." and "gh pr diff <PR_NUMBER> --repo ", plus git diff/git fetch flows) and then uses those user-generated PR files and CLAUDE.md to build agent prompts and drive review decisions, so untrusted third-party content can materially influence agent behavior.