resolve-human-reviews

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and reads human review comments from the current PR using the agent-reviews CLI (see "Step 1: Fetch All Human Comments" — npx agent-reviews --humans-only --unanswered --expanded) and then interprets those reviewer comments to decide fixes, commits, and replies, so untrusted user-generated GitHub PR content can materially influence agent actions and enable indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill runs npx agent-reviews at runtime, which fetches and executes the remote npm package (e.g., https://registry.npmjs.org/agent-reviews or https://www.npmjs.com/package/agent-reviews), and the skill depends on that fetched code to perform commits, replies, and other actions—so a remote package controls execution.