ce-review

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 1.00). The prompt explicitly instructs review agents to discard or suppress findings about specific repository paths (docs/plans, docs/solutions), which conceals potential issues and contradicts the declared goal of performing an "exhaustive" code review, so it contains deceptive instructions outside the stated purpose.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly fetches and ingests GitHub PR metadata and files ("Fetch PR metadata using gh pr view --json" and "Task {agent-name}(PR content + review context...)") which are user-generated/untrusted third-party contents and are passed to agents and decision logic that drive tool actions and todo creation, enabling indirect prompt injection.