diffity-tour

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and use GitHub PR data (e.g., "gh pr view --json" and "gh pr diff ") and to quote/summarize the PR body to drive the tour scope and conclusions, so untrusted, user-generated PR content from github.com can influence tool use and next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly accepts a GitHub PR URL (e.g. https://github.com/owner/repo/pull/123) and at runtime runs gh pr view / gh pr diff and diffity --no-open <pr-url> to fetch the PR body and unified diff, which the agent is instructed to quote/summarize and use to drive the tour narrative, so remote content directly controls the agent's prompts.