respond-pr-feedback

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches PR review comments and thread data from GitHub (gh api "repos/$OWNER/$REPO/pulls/$PR_NUMBER/comments" and the reviewThreads GraphQL query in steps 3a/3b), which are user-generated/untrusted third‑party content that the agent is required to read and interpret to generate replies and drive actions (posting replies and resolving threads), so it could enable indirect prompt injection.