gh-pr-fix-once

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's helper script (scripts/pr_health.py) calls "gh api graphql" with THREAD_QUERY to fetch PR review threads and comment bodies from GitHub (and SKILL.md mandates inspecting unresolved review threads and failing job logs), which are user-generated, untrusted third-party content that the agent reads and uses to decide fixes and whether to resolve threads.