pr-comment-workflow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch and read unresolved PR comments from GitHub (e.g., "Fetch unresolved comments from PR" and the gh api calls in the "Pending Review API Workflow" / "Resolving Review Feedback" sections), meaning it ingests untrusted, user-generated third-party content and uses it to decide and draft follow-up actions.