fix-pr-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests GitHub PR review comments from third-party repositories using commands like "gh api repos/{owner}/{repo}/pulls/{pr_number}/reviews" (Step 1) and then requires the agent to read, interpret, and act on those user-generated review comments (Steps 3 and 6), which are untrusted content that can influence actions.