pr-comment-responder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The workflow explicitly retrieves and processes user-generated GitHub PR content (e.g., Phase 1 Step 1.3 "Retrieve ALL Comments" via get_pr_review_comments.py --include-issue-comments and gh API calls in gates.md), ingesting untrusted third-party review/comment text that the agent analyzes and uses to decide actions and post replies.