peer-review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill ingests unredacted diffs/files (including possible API keys) and instructs the reviewer to quote short phrase anchors and may forward the full prompt to external CLIs or echo raw outputs/fallbacks, which can require emitting secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches PR title/body and diffs from GitHub using gh pr view / gh pr diff and inserts that user-generated PR content into the <untrusted_diff> block which the reviewer reads and acts on (and may forward to external CLIs), thereby exposing the agent to untrusted third-party content.