review-github-pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches PR metadata and diffs from GitHub using commands like gh pr view <number> and gh pr diff <number> (SKILL.md Steps 2–3), thereby ingesting untrusted, user-generated PR descriptions and code diffs that the agent is required to read and use to drive its review and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill runs GitHub CLI and git commands (e.g., gh pr view / gh pr diff which fetch from GitHub's API like https://api.github.com or the repository remote such as git@github.com:org/repo.git) at runtime and uses the retrieved PR body/diff as input that directly controls the agent's prompts/summaries.