pr-fix

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and interprets user-generated GitHub content — e.g., PR descriptions and linked issues in the "Assess" step and full review comment bodies and review threads via gh api / GraphQL in the "Address Reviews" step — and uses those untrusted third-party texts to drive decisions and actions (categorization, fixes, replies, thread resolution), enabling indirect prompt injection.