qodo-merge

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests user-generated PRs, GitHub/GitLab issues, Jira tickets, and repository/docs content (see "Fetching ticket context" in references/core-abilities.md and tools/help_docs / tools/review), and those contents are used to drive reviews, labels, and committable suggestions—so untrusted third-party content can materially influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The help_docs tool explicitly accepts a runtime repo_url to fetch external repository documentation and inject it into the model prompt (see https://qodo-merge-docs.qodo.ai/tools/help_docs/), so external repo URLs provided at runtime can directly control agent prompts.