octocode-pull-request-reviewer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). PR Mode fetches remote PR metadata/diff/comments via githubSearchPullRequests (including withComments=true), which ingests outsider-authored free text from PR descriptions and prior comments into the agent’s LLM context.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly fetches and MUST apply repository-hosted guideline files at runtime (e.g., githubGetFileContent of .octocode/pr-guidelines.md — example URL: https://github.com/{OWNER}/{REPO}/blob/{BRANCH}/.octocode/pr-guidelines.md), so remote repo content can directly control the agent's prompts/instructions during review.