gh-address-comments

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's scripts and workflow (scripts/fetch_comments.py using "gh api graphql" and the SKILL.md steps) fetch and explicitly instruct the agent to read and act on GitHub PR comments and review threads — user-generated, untrusted content that can materially influence code changes and tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill runs the script which uses the GitHub CLI to call the GraphQL API (https://api.github.com/graphql) at runtime to fetch PR comments/reviews whose content is then used to drive the agent's actions, so remote content can directly control prompts.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs rerunning commands with "sandbox_permissions=require_escalated" and to run gh commands "with elevated network access," which directs the agent to bypass or escalate sandbox/security restrictions on the host.