pr-loop

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches user-generated PR and review comments from GitHub (e.g., via gh api "repos/$REPO/pulls/$PR_NUM/comments", gh pr view --json comments, and .claude/skills/scripts/get-pr-review-comments.sh) and requires the agent to read, triage, and act on those comments as part of the review/fix loop, so untrusted third‑party content can materially influence actions.