fetch-pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to fetch a GitHub pull request body and its messages for a PR URL or the current repository, which are user-generated, potentially public third-party contents that the agent will read and could contain embedded instructions influencing its decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill instructs running bunx @willbooster/agent-skills@latest fetch-pr <pr-number-or-url>, which fetches and executes remote package code from the npm registry (the external dependency "@willbooster/agent-skills@latest") at runtime, so the fetched content executes remote code and is required for the skill.