visual-explainer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and interpret user-generated GitHub content (e.g., "gh pr diff 42" and "read PR descriptions" in prompts/diff-review.md and related workflows), which are untrusted third‑party sources that the agent reads and uses to drive decisions in the review/diagram generation.