fix-pr-reviews

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill fetches user-generated PR review comments from GitHub via gh (see the "Fetch PR comments" steps calling gh api repos/{owner}/{repo}/pulls/{pr_number}/comments, reviews, and issues) and explicitly triages and applies fixes (including applying suggestion blocks), so untrusted third-party review content can directly influence code changes and tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill issues gh API calls at runtime (e.g., "gh api repos/{owner}/{repo}/pulls/{pr_number}/comments", "gh api repos/{owner}/{repo}/pulls/{pr_number}/reviews", and "gh api repos/{owner}/{repo}/issues/{pr_number}/comments") to fetch PR review content which is then directly used to determine and apply code edits, so the fetched external content can directly control the agent's instructions.