greploop

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and parses Greptile review bodies and unresolved PR comments via GitHub API/GraphQL as part of its required workflow (see "Fetch Greptile review results" and the GraphQL queries in SKILL.md and references/graphql-queries.md), so the agent will read and act on untrusted, third‑party review/comment text that could contain instructions influencing code changes.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill, at runtime, calls GitHub API endpoints such as "gh api repos/{owner}/{repo}/pulls/<PR_NUMBER>/reviews" (and related "/comments" and GraphQL calls) to fetch Greptile review text which directly controls the agent's editing instructions and is required for the loop to operate.