review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill ingests repository diffs and produces line-specific comments and diff/code blocks (suggested fixes), so if the code contains API keys or passwords the LLM will likely reproduce those secret values verbatim and there is no instruction to redact them.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests and reviews external pull request diffs via "gh pr diff $PR_NUMBER" and includes the diff content in expert prompts (Task tool preloads "Diff content" and project files), meaning untrusted user-generated PR content can be read and influence review decisions and automated fixes.