pr-overview

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill explicitly requires preserving PR bodies and unresolved comment bodies verbatim into the generated JSON/HTML output, so any secrets present in those fields (API keys, tokens, passwords) would be emitted by the LLM, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.95). Outsider-authored free text is ingested via gh pr view --json body (PR author’s body) and via the GraphQL gh api graphql query that fetches unresolved GitHub review/discussion body fields from other users, which are then passed verbatim into overview.json as pr_description.body and unresolved_comments[].body for LLM context/rendering.