rhdh-pr-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The workflow (Phase 2 in workflows/review-operator-pr.md and the referenced references/operator-pr-images.md) explicitly instructs using gh to extract CI-posted image URLs from GitHub PR comments (user-generated public content) and then uses those images to deploy operator bundles, so untrusted third-party text directly drives tool actions and deployments.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly runs curl at runtime to fetch and apply remote manifests from the PR branch (e.g. "https://raw.githubusercontent.com/redhat-developer/rhdh-operator/${PR_BRANCH}/dist/rhdh/install.yaml"), which pulls external YAML that is then applied to the cluster (i.e., executes remote-controlled configuration/code), making this a high-risk runtime dependency.