lynx-repair

Warn

Audited by Snyk on Feb 25, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to fetch and parse GitHub pull request review comments via commands like "gh pr view {number} --comments" and "gh api repos/{owner}/{repo}/pulls/{number}/reviews". These comments are user-generated, untrusted third-party content that the agent must read and act on, which creates an indirect prompt injection risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). This skill invokes GitHub CLI/API at runtime to fetch PR details and review comments (e.g., https://api.github.com/repos/{owner}/{repo}/pulls/{number}/reviews), and those fetched comments are injected into the agent's context to drive its responses, so the external content directly controls prompts.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 25, 2026, 11:26 PM