git-pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly fetches and processes user-generated PR/MR review threads and comment bodies from third-party sources (see "Fetch Unresolved Threads" with gh api graphql and the glab discussions API in SKILL.md and references), and the agent is instructed to read, interpret, and act on those comments (classify, change code, reply/resolve), so untrusted content could indirectly inject instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill performs runtime fetches from external APIs (e.g., gh api graphql -> https://api.github.com/graphql, gh api repos/{owner}/{repo}/pulls/{pr}/comments, and glab api projects/{project_id}/merge_requests/{iid}/discussions) to retrieve PR/MR review thread/comment bodies that are injected into the agent's analysis and reply workflow, so these endpoints can directly control prompts.