gh-pr-review-comments

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs fetching live, user-generated GitHub review comments via gh api --paginate repos/{owner}/{repo}/pulls/{pr}/comments (see SKILL.md and references/github-review-threads.md), which the agent must read and use to decide edits, commits, pushes, and thread resolutions—allowing untrusted third-party content to influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). This skill makes runtime GitHub API calls (e.g., "gh api --paginate repos/{owner}/{repo}/pulls/{pr}/comments" and the GraphQL call in the references) to fetch live review comments that are injected into the agent's decision context and thus directly influence what edits or actions the agent takes, and the workflow requires those external endpoints.