fix-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill fetches CodeRabbit review comments via the GitHub API (repos///pulls/<pr_number>/comments and reviews for user coderabbitai[bot]) and directly reads, classifies, and can auto-apply suggestion code blocks or descriptive instructions from those comments to modify code, so untrusted comment content could inject actionable instructions that change behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill calls GitHub API endpoints at runtime (e.g., gh api "repos///pulls/<pr_number>/comments" and gh api "repos///pulls/<pr_number>/reviews") to fetch reviewer comment bodies — including ````suggestion`` blocks — which the skill can directly apply to source files and thus executes/controls code changes from remote content.