wp-pr-review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill mandates including vulnerable code snippets verbatim for CRITICAL findings (and may post them as PR comments), so if the repository or diffs contain API keys, tokens, or passwords those secret values would be output directly by the LLM.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches PR metadata and diffs from public GitHub/GitLab (e.g., Step 2.1 "gh pr diff" and Step 2.2 "gh api repos/{owner}/{repo}/pulls/{number}/files") and then reads those file patches and surrounding code for LLM-driven analysis (Step 4), so untrusted, user-generated PR content can materially influence decisions and tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches PR diffs and file patches at runtime from GitHub/GitLab (e.g., gh pr diff on https://github.com/owner/repo/pull/123 and gh api repos/{owner}/{repo}/pulls/{number}/files), and injects that remote content into the model context for review, which can directly control prompts/instructions.