difit-review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to read diffs and preload comment bodies into --comment JSON passed on the command line, which requires reproducing exact lines from the diff (and thus would force the LLM to output any API keys/passwords present verbatim), creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to inspect diffs provided as GitHub PR URLs, patch files, or other user-supplied targets (SKILL.md Step 1 and difit --pr ), meaning it will fetch and interpret untrusted, user-generated third-party content that can influence its comments and actions.