get-pr-comments

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's fetch_pr_comments.py explicitly calls the GitHub API (e.g., repos/{owner}/{repo}/issues/<PR_NUMBER>/comments and repos/{owner}/{repo}/pulls/<PR_NUMBER>/reviews) to ingest PR comments and review bodies (user-generated, potentially public) and then parses them to extract "actionable" items that directly influence suggested follow-up actions, so untrusted third-party content can change agent behavior.