pr-review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly scans diffs for hardcoded secrets and instructs the reviewer to quote specific code snippets and line numbers, which can force the LLM to include secret values verbatim in its output.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow explicitly runs GitHub CLI commands (e.g., "gh pr view --json ..." and "gh pr diff") to load PR metadata and diffs from GitHub — user-generated third-party content the agent is instructed to read and use to make review decisions — exposing it to potential indirect prompt injection.