address-copilot-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly fetches and acts on GitHub PR review comments and review threads (e.g., "gh api repos///pulls//comments" and the GraphQL reviewThreads query in the Workflow), which are untrusted, user-generated third‑party content that the agent must read and which can directly change tool actions and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches live PR review content at runtime using GitHub API endpoints (e.g., gh api repos///pulls//comments and gh api graphql ... resolveReviewThread), and those fetched comments directly drive the agent's decisions/actions (i.e., control prompts/instructions) and are required for the skill to operate.