git-host-rn-web-before-after
Warn
Audited by Snyk on Mar 1, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill explicitly fetches PR/MR descriptions from GitHub/GitLab (see update_review_description: current_desc="$(... glab mr view ...)" and current_desc="$(... gh pr view ...)"), which are untrusted, user-generated third-party content that the script parses and uses to decide how to build and push an updated review description, so external text can influence its actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill runs git fetch and uses the repository origin URL at runtime (e.g., git@github.com:org/repo.git or https://github.com/org/repo.git), then checks out remote refs and may start the project's server command (pnpm web), which means code fetched from that remote URL can be executed during the skill run.
Audit Metadata