code-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md pre-loaded context explicitly fetches and ingests GitHub pull request data via gh pr view and gh pr diff, which are user-generated/untrusted third-party contents that the agent must read and use to drive its review decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill executes gh CLI commands (gh pr view, gh pr diff) at runtime to fetch PR content from GitHub (https://github.com / https://api.github.com), and that fetched content is injected into the agent's context and directly controls its prompts/review output.