code-review

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). The links point to a personal GitHub repo and a raw install.sh intended to be run (curl | bash); although hosted on GitHub, running an unchecked shell script from an unknown/likely low-activity user is high-risk and can easily distribute malware or steal credentials.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests user-generated PR content via the gfreview integration (e.g., gfreview diff <id>, gfreview discussions <id>), and the rq/rs workflows and reviewer/analysis subagents read and act on those PR diffs and discussion threads to decide which skills to load, suggested fixes, and whether to post or apply changes—so third-party PR comments can materially influence agent behavior.