address-pr-comments

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and reads PR review comment bodies from GitHub via "gh api /repos/{owner}/{repo}/pulls/{pr_number}/comments" (Step 1) and then interprets those user-generated comments to decide fixes, commits, and replies, so untrusted third-party content can directly influence agent actions.