gh-pilot

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches PR review threads and comment bodies from GitHub using gh api/GraphQL (see "Fetch Copilot state first" and the "Fetch unresolved threads" queries) and then reads and acts on those comments to classify issues, implement fixes, and resolve threads, so third-party review content can materially influence agent actions.