address-pr-comments

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches user-generated PR and code-review comments from GitHub (via gh pr view, gh api repos/.../pulls/.../comments, and the included get-pr-review-comments.sh) and instructs the agent to read, triage, and act on those comments, so untrusted third-party content could inject instructions that influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill calls GitHub API endpoints at runtime (e.g., via "gh api repos/$REPO/pulls/$PR_NUM/comments" and the GraphQL gh api calls) to fetch PR comments that are injected into the agent's context and directly drive its replies, so these external endpoints can supply content that controls prompts and pose prompt-injection risk.