pr-commit-workflow
Fail
Audited by Snyk on Feb 26, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 0.90). This skill intentionally requires capturing full prompt history and environment metadata (via scripts that read environment variables and system info) and embedding them into PR bodies that will be pushed to remote repositories. This creates a deliberate, high-risk data-exfiltration vector capable of leaking prompts, environment variables, tokens, or other sensitive data. There is no hidden backdoor or remote-exec code, but the workflow's design purposefully enables leaking sensitive local/agent context to external GitHub remotes.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The PR workflow (references/workflow-pr.md) explicitly instructs the agent to fetch and summarize PR comments using commands like "gh pr view --comments" and "gh api /repos///pulls//comments --paginate". These commands pull user-generated GitHub comments (untrusted third-party content) that the agent must read and act on, creating a clear avenue for indirect prompt injection.
Audit Metadata