pr-review-fixer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches PR reviewThreads, reviews, and comments from GitHub using the gh GraphQL API in the "Fetch PR Comments" step and then reads/validates those user-generated PR comments to decide fixes, resolve threads, and run/localize changes, so untrusted third-party content can directly influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill calls the GitHub API via gh api graphql (https://api.github.com/graphql) and related gh pr commands at runtime to fetch PR comments and review data, and those fetched comments are directly used to drive the agent's prompts/actions (validate issues and implement fixes), so this is a runtime external dependency that controls agent behavior.