address-gh-comments

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow (gh-address-comments SKILL.md) instructs the agent to run gh-address-comments/scripts/fetch_comments.py which uses gh api graphql to fetch GitHub pull-request comments, reviews, and review threads (user-generated, untrusted third-party content) and then to read/act on those comments to decide and apply fixes.