greptile-address

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md workflow explicitly fetches PR reviews and inline comments using gh api and GraphQL (see steps 3–4 and references/graphql-queries.md), and instructs the agent to read those review/comment bodies (user-generated third‑party content) and act on them (classify, apply fixes, resolve threads), so external content can materially influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill uses runtime GitHub API calls (gh api repos/{owner}/{repo}/pulls/<PR_NUMBER>/reviews and gh api repos/{owner}/{repo}/pulls/<PR_NUMBER>/comments) to fetch Greptile review text which is then used to instruct/classify fixes and drive agent actions, so external content directly controls the agent's behavior.