pr-resolve

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's Step 1 "Fetch PR conversations" explicitly runs gh/GraphQL calls (e.g., gh api repos/{owner}/{repo}/pulls/{number}/comments, /issues/{number}/comments, /pulls/{number}/reviews and reviewThreads) to ingest GitHub PR review bodies, threads, and comments (user- and bot-generated content) and then parses that content to decide fixes, replies, and actions, which could allow indirect prompt injection from untrusted third-party comments.