pr-threads-address

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and displays unresolved PR review threads from GitHub (see "Fetch and display all unresolved PR review threads" and the gh pr-review review view examples), which are user-generated/untrusted comments that the agent is expected to read, interpret, and act on (make code changes, commits, and replies), so those third-party comments could inject instructions that influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's prerequisite runs "gh extension install agynio/gh-pr-review", which fetches and installs remote code from the GitHub repository (https://github.com/agynio/gh-pr-review) at runtime and is a required dependency for the skill.