manage-pr-review-threads

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md shows the agent uses list-pr-review-threads and resolve-pr-review-threads to fetch and act on pull request review threads (user-generated PR comments) from the repository, which the agent must read/interpret and could contain instructions that materially influence its replies/actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill invokes the remote package "bunx @willbooster/agent-skills@latest" at runtime, which fetches and executes remote code as a required dependency and therefore can control the agent's behavior.