doc-n-fix

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill fetches and parses user-generated GitHub PR reviews and comments (via commands like gh pr view and gh api repos/{owner}/{repo}/pulls/{number}/comments) and then interprets those comments into actionable checklist items and fixes, so untrusted third-party content from GitHub can directly influence agent decisions and tool use.