autofix

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to read and display "current code" and "proposed diff" and to execute/display CodeRabbit's agent prompts literally, which would require outputting any secret values present in files or prompts verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill fetches PR review threads from GitHub (gh api graphql reviewThreads per github.md and SKILL.md Step 3/4), extracts the CodeRabbit comment body including the "🤖 Prompt for AI Agents" section, and is instructed to execute that prompt literally (SKILL.md Steps 6 and 7), which clearly ingests third-party comment content that can drive tool actions and edits.