iterate-pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's bundled scripts (notably scripts/fetch_pr_feedback.py and scripts/fetch_pr_checks.py, as invoked in SKILL.md) call gh api/GraphQL and gh pr checks to fetch PR review threads, issue comments, and CI logs from GitHub (repos/{owner}/{repo}/pulls/... and reviewThreads), which are untrusted, user-generated content that the agent parses and acts on to prioritize fixes and post replies—allowing third-party comment content to materially influence actions.