pr-review-summarizer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and parses pull request/merge request diffs from GitHub/GitLab (see SKILL.md "Diff source — ... GitHub PR URL, or GitLab MR URL" and review.py's fetch_gh/fetch_glab using gh/glab), treating those untrusted, user-generated diffs as input to its risk scoring and review decisions, so arbitrary third-party content can materially influence its outputs.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill invokes external fetches at runtime via the CLI calls "gh pr diff" (owner/repo#NUMBER) and "glab mr diff" (group/project!NUMBER), which retrieve remote PR/MR diffs that are then injected into the tool's processing and directly control the generated review content.