ha-integration-reviewer
Warn
Audited by Snyk on Feb 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill dynamically fetches and reads public GitHub content (e.g., raw.githubusercontent.com URLs for quality-scale rules and copilot-instructions.md, and gh api calls to repos/home-assistant/core/contents/...), which are untrusted, user-editable third-party sources the agent is expected to interpret during reviews, creating a clear avenue for indirect prompt injection.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill explicitly performs runtime fetches of raw GitHub content (e.g., https://raw.githubusercontent.com/home-assistant/developers.home-assistant/refs/heads/master/docs/core/integration-quality-scale/rules/{rule_name}.md and https://raw.githubusercontent.com/home-assistant/core/dev/.github/copilot-instructions.md) which are injected/used to drive the agent's validation prompts and are required for each review, so these are runtime external dependencies that directly control agent behavior.