review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill mandates embedding the complete, untruncated diff into subagent prompts and may propagate added lines into generated review comments (and GitHub posts), which forces the LLM to handle — and potentially output — verbatim secret values if they appear in the diff.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and ingests public GitHub content (PR diffs, PR bodies, issues, reviews, and comments) via commands like gh pr view, gh pr diff, gh issue view, and gh api repos/.../comments, which are untrusted, user-generated third-party content and are read and acted on as part of the review workflow.