review-fix-gemini

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow (step 1) runs "bunx @willbooster/agent-skills@latest review --agent gemini" and instructs the agent to treat the returned Gemini CLI review comments as the candidate set to read and act on, meaning externally-generated, untrusted review content directly influences code-change decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires running an external npm package at runtime via the command "bunx @willbooster/agent-skills@latest review --agent gemini", which fetches and executes remote code that produces the review prompts/instructions used by the workflow.