qodo-pr-resolver

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's required workflow (Step 3 and Step 6/7 in SKILL.md) explicitly fetches PR/MR review comments from external git providers (GitHub/GitLab/Bitbucket/Azure DevOps/Gerrit) and parses and executes Qodo's "Agent Prompt" text from those comments—untrusted, user-generated content that the agent is expected to interpret and may directly drive edits, commits, and replies.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill fetches Qodo review comments at runtime from provider APIs (e.g. Gerrit: https://<GERRIT_URL>/a/changes//comments) and explicitly parses and then executes the fetched "Agent Prompt" text as direct instructions, so the external URL's content directly controls the agent's behavior.