pr-pilot

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The workflow explicitly runs the /pr-review-fixer and uses GH PR commands to fetch unresolved pull-request comments and CI failures (user-generated content on PRs), which the agent is expected to read/interpret and act on (fix/push/merge) in the Review Loop, exposing it to untrusted third-party content.