iterate-pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and parses user-generated GitHub content — e.g.,(review threads via get_review_threads GraphQL and API calls like repos/{owner}/{repo}/pulls/{number}/comments and issues/{pr}/comments in scripts/fetch_pr_feedback.py, plus CI logs via gh run ... --log-failed in scripts/fetch_pr_checks.py) — and the agent is expected to read and act on that untrusted third-party content, creating an avenue for indirect prompt injection.