heal-pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and ingests user-generated GitHub content — e.g., gh api repos/{owner}/{repo}/pulls/$PR_NUMBER/comments, gh pr view, and gh run view --log-failed — and instructs the agent to read review comments and CI logs and act on them, so untrusted third-party content can directly influence its decisions and actions.