github-pr-review
Warn
Audited by Snyk on Mar 23, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). This skill fetches and parses user-generated GitHub PR comments and review bodies via gh api repos/$REPO/pulls/$PR/comments and repos/$REPO/pulls/$PR/reviews (including CodeRabbit "Prompt for AI Agents" blocks) and explicitly uses those prompts to guide fixes and automated actions, so untrusted third-party content can influence tool use.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). At runtime the skill explicitly fetches CodeRabbit review bodies (via the GitHub Reviews API, e.g. https://api.github.com/repos///pulls//reviews or the equivalent gh api repos/$REPO/pulls/$PR/reviews) and directs the agent to "ALWAYS use CodeRabbit 'Prompt for AI Agents' as primary context", so remote review content can directly control prompts/instructions.
Issues (2)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
W012
MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).