github-pr-fix

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests PR context from ${GITHUB_CONTEXT_DIR}/manifest.json (via ghx/gh) and uses artifacts like review_threads and comments from GitHub PRs (references/pr-fix-workflow.md and SKILL.md), which are user-generated third‑party content that the agent must read and act on to decide fixes and publish replies.