gh-address-comments
Warn
Audited by Snyk on Mar 24, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md instructs running scripts/fetch_comments.py, which uses gh api graphql to fetch GitHub PR conversation comments, reviews, and review threads (user-generated content). The agent is explicitly required to read and interpret those comments and apply fixes, so untrusted third-party PR comments could materially influence its actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill's runtime script fetch_comments.py shells out to the GitHub CLI, which calls the GitHub GraphQL API (https://api.github.com/graphql) to pull PR comments. Those comments are then injected into the agent's context to determine how it responds, so remote content directly controls prompts and is required for the skill to operate.
Issues (2)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
W012
MEDIUM Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata