pr-operations

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches PR review and discussion comments via erk exec get-pr-review-comments and get-pr-discussion-comments (see SKILL.md and references/commands.md), which are user-generated GitHub PR comments that the agent is instructed to read, classify, and act on (resolve/reply), so untrusted third-party content can materially influence actions.