pull-requests

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and processes untrusted, user-generated content from GitHub pull requests (e.g., via scripts/fetch_comments.py which calls gh api graphql and the various gh pr view commands referenced in SKILL.md and the reviewing/addressing workflow files), and the agent is expected to read, summarize, and act on those comments/threads (choose fixes, reply, resolve threads), which could allow indirect prompt-injection from third‑party content.