reviewing-code-perfectly

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and reads user-generated GitHub pull request content (see SKILL.md Step 1: "gh pr view --json title,body,files" and "gh pr diff ", and Step 2: read files from $REVIEW_DIR), which the agent is expected to interpret to drive review decisions and to load other skills—i.e., untrusted third-party content can materially influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches PR metadata and checks out PR code at runtime from GitHub (e.g., https://github.com/org/repo/pull/42 via gh pr view and pr-review-worktree setup), and those fetched files and PR description are read into the agent's review context so they directly control the agent's prompts.