iterate

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly fetches and reads PR review bodies and inline comments (SKILL.md Step 3, e.g., gh pr view / gh api calls) and QA issue comments (SKILL.md Step 4, gh api issues/{number}/comments), which are user-generated third‑party content on GitHub that the agent must interpret to decide fixes and next actions, so it can be used for indirect prompt injection.