pr-address-feedback
Warn
Audited by Snyk on Apr 30, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill fetches and consumes user-generated GitHub PR review threads and general PR comments (see Step 1: gh api graphql querying repository.pullRequest.reviewThreads, and gh api repos/OWNER/REPO/issues/PR_NUMBER/comments), and those untrusted third-party comments are explicitly read and used to plan code changes, commits, and replies, allowing indirect prompt injection.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.70). The skill issues runtime GitHub API calls (e.g. to https://api.github.com/graphql and https://api.github.com/repos/OWNER/REPO/issues/PR_NUMBER/comments via gh api) to fetch PR review threads/comments which are then injected into the agent's evaluation and planning flow, so external, user-authored content can directly influence the agent's prompts and actions.
Issues (2)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
W012
MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).