agent-code-review-swarm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests GitHub PR content (e.g., "gh pr view $PR_NUM --json files,title,body,labels" and "gh pr diff") and passes PR diffs/bodies to npx ruv-swarm agents, so untrusted user-generated PR text can influence automated comments, approvals, and requests-for-changes.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill repeatedly invokes "npx ruv-swarm" (which will fetch and execute the remote npm package, e.g. https://registry.npmjs.org/ruv-swarm) at runtime to drive agent orchestration and prompts, so it fetches and runs external code the skill depends on.