code-review

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). These URLs point to an individual GitHub repository and a direct raw .sh script (curl | bash style), which is a high-risk pattern because running a shell installer from an unverified/low‑profile account can execute arbitrary/malicious code.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests user-generated PR content via the gfreview integration (e.g., gfreview diff <id>, gfreview discussions <id>), and the rq/rs workflows and reviewer/analysis subagents read and act on those PR diffs and discussion threads to decide which skills to load, suggested fixes, and whether to post or apply changes—so third-party PR comments can materially influence agent behavior.