ai-review-validator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly fetches and parses GitHub PR comment content from user-provided PR comment URLs (see "Step 0: Fetch GitHub PR Comment" and scripts/github_url_converter.py), meaning it ingests untrusted, user-generated third-party content (comment "body") that the agent reads and acts on, which could enable indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill fetches GitHub PR comment content at runtime (e.g., https://api.github.com/repos/UniClipboard/UniClipboard/pulls/comments/2734386595) and injects the comment "body" into its parsing/modify/apply workflow (modification_prompt, code replacements, commits), meaning remote content directly controls agent instructions.