pr-address-comments
Warn
Audited by Snyk on Feb 25, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The bundled scripts/fetch-pr-info.js calls the GitHub CLI and GraphQL API (e.g., gh api graphql) and prints the PR diff, commit history, and user-generated PR comments and reviews (bodies, authors, URLs). The skill therefore ingests untrusted GitHub comment content, which may contain instructions that influence the agent's decisions or next actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). At runtime the skill runs scripts/fetch-pr-info.js, which calls GitHub (gh api graphql against https://api.github.com/graphql, and gh pr diff / git fetch against the repository remote) to fetch PR diffs, commit logs, and comments. That fetched content is injected into the agent context and directly drives its prompts, so these live external endpoints are a runtime dependency that controls the agent's instructions.
Audit Metadata