address-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches GitHub PR review threads and review bodies via gh api/graphql (Step 2a/2b) and then reads/interprets those user-generated review comments to decide code changes, tests, thread resolutions, and bot re-review triggers (Steps 4, 4.5, 9, 10, 12), so untrusted third-party content can directly influence actions.