qodo-pr-resolver

Warn

Audited by Snyk on Mar 13, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and parses GitHub PR comments (via gh api repos/{owner}/{repo}/issues/{pr}/comments and pulls/{pr}/comments) and extracts "Agent Prompt" sections from those user-generated comment HTML bodies to drive fix proposals and automated code changes, which allows untrusted third-party content to supply instructions that materially influence tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The skill calls GitHub API endpoints at runtime (e.g., gh api repos/{owner}/{repo}/issues/{pr_number}/comments and gh api repos/{owner}/{repo}/pulls/{pr_number}/comments) to fetch Qodo "Agent Prompt" sections from review comments and then uses those fetched prompts as primary fix guidance, so external content directly controls agent instructions and is required for the skill to operate.


Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 13, 2026, 03:29 PM
Issues: 2