review-code

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). This skill explicitly instructs the agent to extract and output exact code snippets and diffs (file:line references and code examples), which would verbatim expose any API keys, tokens, or passwords present in the reviewed code, creating a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's required workflow (Phase 0: "Determine Review Scope") explicitly instructs the agent to fetch and read PRs/commits using commands like gh pr view <pr_number> --json files, gh pr diff <pr_number>, git show <commit_sha>, and related git diff commands, which ingest user-generated code from third-party repositories and the agent must read and act on that content to produce review findings.