gh-autopilot

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill automatically fetches and interprets GitHub pull request reviews and review threads from the public GitHub API (see scripts/run_autopilot_loop.py and scripts/export_copilot_feedback.py which call gh api graphql to load PR reviews/threads) and the workflow (SKILL.md Stage 2/3) requires the agent to read those user-generated comments and act on them (resolve threads, push changes, reply, finalize), so untrusted third-party content can directly influence tool actions.