pr-review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompts require each subagent to include verbatim diff lines / code quotes as "Evidence" (and publish those in stickies/inline comments), which forces the LLM to echo any secrets present in the diff (API keys, tokens, cookies, or passwords) into its outputs — creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The required runtime workflow ingests PR/MR diff content (including outsider-authored PR body/diff text) and passes it into subagents’ LLM context via the “Parallel dispatch” step, creating an indirect prompt-injection exposure path from outsider code/comments into the model.

MEDIUM W021: Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

• Hidden Unicode characters detected (1 type(s) found)