address-github-comments

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs fetching and reading GitHub PR comments via "gh pr view --comments", which are user-generated/untrusted third-party content that the agent must interpret to decide and apply fixes, enabling indirect prompt injection.