watch-pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill directly fetches and parses user-generated GitHub review bodies and line-level comments via gh api calls (e.g., repos//pulls/<PR_NUMBER>/reviews and .../comments) and uses those contents to decide and perform code changes and replies, exposing the agent to untrusted third-party input that can influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill invokes the GitHub API at runtime (e.g., https://api.github.com/repos//pulls/<PR_NUMBER>/reviews and https://api.github.com/repos//pulls/<PR_NUMBER>/comments) to fetch Greptile review bodies and line-level comments which are then used to drive code-change decisions, meaning fetched external content directly controls the agent's instructions.