pr-walkthrough

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md explicitly instructs the agent to fetch PR/MR metadata, diffs, and review comments from public GitHub/GitLab (via gh/glab CLI or fallback webfetch on the provided PR URL) and to read source files in the repo, which are untrusted, user-generated third‑party contents that the agent will interpret and use to decide analysis and presentation actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill explicitly fetches PR/MR data and repository files at runtime (e.g., https://github.com/org/repo/pull/42 and similar GitHub/GitLab PR/MR URLs) via gh/glab/webfetch and injects those diffs/source files into the agent context to drive its walkthrough generation, which meets the criteria for remote content directly controlling prompts and being a required runtime dependency.