autofix

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill fetches unresolved GitHub PR review threads via the GitHub GraphQL API (github.md §2 / SKILL.md Step 3), extracts the "🤖 Prompt for AI Agents" content from those third-party review comments, and explicitly executes those prompts as direct instructions to modify code (SKILL.md Steps 4, 6, and 7), which allows untrusted user-generated content on GitHub to change agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill uses gh api graphql to fetch CodeRabbit PR review threads from GitHub (GitHub GraphQL API at https://api.github.com/graphql) and then directly executes the "🤖 Prompt for AI Agents" content from those comments as instructions at runtime, so external content from that URL controls agent prompts.