comprehensive-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's fetch-diff subagent (fetch-diff.md) explicitly fetches and ingests PR bodies, PR comments, commit messages, and committed .md files from arbitrary GitHub PRs (public/user-generated content) and uses that combined "task description" to drive downstream reviews and actions, which enables indirect prompt injection via untrusted third‑party content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's PR mode accepts a GitHub PR URL (https://github.com///pull/<PR_NUMBER>) and the fetch-diff subagent uses gh pr view/gh pr diff to fetch the PR body/comments which are then injected as the "Task description" into subagent prompts, so remote PR content directly controls agent instructions.