pr-comment-resolving

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly fetches and parses user-generated GitHub PR review threads, issue comments, and review bodies via gh api/GraphQL (see Steps 2–4 in SKILL.md) and instructs the agent to read those contents and act on them (make code changes, post replies, resolve threads), so untrusted third‑party comments could indirectly inject instructions that change agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill issues runtime GitHub API calls (e.g., gh api graphql and gh api "repos/$OWNER/$REPO_NAME/issues/$PR_NUMBER/comments") to fetch PR review threads, review bodies, and issue comments which are then read and used to drive the agent's replies and code-change decisions, so external content from those URLs directly controls the agent's prompts and is a required dependency.