ship

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests user-generated GitHub pull-request comments and reviews via the gh API (Step 6: "Fetch comments and PR-description reactions" / gh pr view and gh api .../comments) and then reads and triages those findings to decide fixes and subsequent automated actions, so untrusted third-party PR/review content can materially influence the agent's behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches GitHub review comments at runtime (e.g., via "gh api repos/{owner}/{repo}/pulls//comments" and "gh api repos/{owner}/{repo}/issues//reactions") and uses those external review-agent comments to drive triage and subsequent agent actions, so this is a runtime external dependency that directly influences the agent's instructions.