ha-integration-reviewer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to dynamically fetch and read public GitHub raw documents (e.g., "WebFetch: https://raw.githubusercontent.com/home-assistant/developers.home-assistant/.../rules/{rule_name}.md" and other curl/gh api calls in SKILL.md and references/review-workflow.md), so untrusted third‑party content from public repositories is ingested and used to drive verification decisions and agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs fetching remote markdown at runtime (e.g. https://raw.githubusercontent.com/home-assistant/developers.home-assistant/refs/heads/master/docs/core/integration-quality-scale/rules/{rule_name}.md and https://raw.githubusercontent.com/home-assistant/core/dev/.github/copilot-instructions.md), which would be injected/used to drive the agent's verification prompts, so this is a runtime external dependency that controls prompts.