add-best-practice
Warn
Audited by Snyk on May 2, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). This skill's SKILL.md explicitly instructs the agent to fetch and read GitHub PR review comments, PR diffs, and source files via gh api when given a PR comment URL — all are user-generated, public content that the agent must interpret and which can materially influence drafting, validation, and subsequent actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill fetches GitHub review comment content at runtime via the gh API endpoint (gh api repos///pulls/comments/<comment_id>) and injects that fetched text and related diff/context into a review subagent prompt, meaning remote content directly controls the agent's prompt context.
Issues (2)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
W012
MEDIUM Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata