pr-resolver

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches PR review comments from GitHub via the gh API (see "gh api repos/{owner}/{repo}/pulls/{pr_number}/comments" in Phase 1 Step 5) and the workflow/refs (Phase 2 Step 13 and references/CODESPECT.md and CodeRabbit sections) requires extracting untrusted, user-generated "AI Fix Prompt"/"Code Suggestion"/"Prompt for AI Agents" from those comments and using them as primary guidance to generate and apply code changes, so third-party content can directly influence tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill calls the GitHub API at runtime (e.g., via "gh api repos/{owner}/{repo}/pulls/{pr_number}/comments --paginate") to fetch review comments whose embedded "AI Fix Prompt" / "Prompt for AI Agents" text is extracted and used as primary guidance for edits, so remote content directly controls agent prompts.