github-pr-fixer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and reads GitHub PR discussion and review comments (e.g., gh api .../issues/<PR>/comments, gh api repos/.../pulls/<PR>/comments, and gh pr-review threads list) which are untrusted, user-generated third-party content and are directly used to decide fixes, edits, commits, and replies per the SKILL.md workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires installing and running the GitHub CLI extension agynio/gh-pr-review (installed via "gh extension install agynio/gh-pr-review", i.e. fetching from https://github.com/agynio/gh-pr-review) which downloads and executes remote code at runtime and is a required dependency.