pr-learning

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's collect_feedback.py (and SKILL.md workflow) explicitly fetches GitHub PR review threads, comments, commits and file patches via the gh API/GraphQL (scripts/collect_feedback.py), and those untrusted, user-generated review texts are parsed by build_candidates.py and presented to the agent to make KEEP/REJECT and codification decisions (writing AGENTS.md/CLAUDE.md), so external PR content can influence tool actions and next steps.