pr-triage

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill instructs agents to ingest full PR diffs and to quote file:line snippets in generated review comments (which are then posted), so any secrets present in code or env files could be reproduced verbatim in outputs and commands.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests public PR data (e.g., via gh pr list, gh pr view, and gh pr diff in Phase 1) and includes the PR "body" and diff in the Phase 2 code-reviewer agent prompt, meaning untrusted, user-generated GitHub content is read and directly influences generated reviews and posted comments.