pr-reviewer

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill requires reading source code and generating line-level findings, code examples, patches, and review comments without instructing redaction, so it may expose hardcoded API keys or passwords verbatim in outputs (high exfiltration risk).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs fetching and reading GitHub PR content (e.g., "gh pr view " and reading changed files) so the agents will ingest user-generated, public PR text/code from GitHub and can act on it (synthesis, apply fixes, or post comments), creating a clear vector for indirect prompt injection.