code-review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt requires the agent to cite exact lines and show code snippets during reviews (and has no guidance to redact secrets), so if credentials appear in the reviewed code the LLM would be expected to reproduce them verbatim, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs reading remote PR descriptions and existing comments (see "For Remote PRs: ... Read PR description and existing comments for context" and the "gh pr checkout <PR_NUMBER>" step), which ingests untrusted, user-generated content from public GitHub PRs that can influence review actions.