test-guide-from-code

Warn

Audited by Snyk on Jun 15, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

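  • Third-party content exposure detected (high risk: 0.85). In step 1, if the input is an MR/PR URL, the skill fetches the diff through a runtime CLI (such as glab mr diff / gh pr diff); that diff comes from the MR/PR body content of a third-party submitter, falls under "code changes/PR/MR diff text from external authors", and enters the LLM analysis and generation context as readable text.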

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.70). When provided an MR/PR URL (e.g., https://gitlab.example.com/merge_requests/123) the skill explicitly invokes CLI commands (glab/gh) at runtime to fetch the remote diff and uses that fetched diff as the primary input that directly controls the agent's prompt/output, so external content can influence generation.

MEDIUM W021: Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

  • Hidden Unicode characters detected (1 type(s) found)

Issues (3)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

W021
MEDIUM

Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

Audit Metadata
Risk Level: MEDIUM
Analyzed: Jun 15, 2026, 03:59 AM
Issues: 3
Security Audit — snyk — test-guide-from-code