loop-address-pr-feedback

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and ingests reviewer-written PR content from GitHub (see "Phase: Gather" with gh api calls for /issues/{num}/comments, /pulls/{num}/comments and GraphQL reviewThreads) and then reads and acts on those comment bodies to triage/fix/respond, exposing the agent to untrusted, user-generated third-party content.