super-execute

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly invokes gh-address-comments and instructs the agent to "read all PR bot comments (CodeRabbit, etc.)" and fix every comment as part of the workflow (see "Step 3: Address PR Bot Comments" and related gates), which means it ingests untrusted, third-party PR/bot comments that can directly drive downstream actions.