gh-pr-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and reads PR_BODY and PR_COMMENTS from GitHub (via gh pr view and gh api repos/{OWNER_REPO}/pulls/{number}/comments) and instructs agents to use that user-generated PR content to inform review decisions and follow-up actions (see references/pr-review.md and teams-review.md), exposing it to indirect prompt injection risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly requires installing a GitHub CLI extension at runtime via "gh extension install EurFelux/gh-pr-review" (https://github.com/EurFelux/gh-pr-review), which fetches and installs remote code the skill depends on for PR review, so remote content would be fetched and executed as a required dependency.