process-pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The workflow explicitly fetches and reads PR metadata and user-generated review comments/threads from the repository (e.g., "Fetch PR details", "List unresolved threads", "Shows 3 comments", and "Addressing comments" / resolve-pr-comments), which are untrusted third-party content that the agent interprets to decide and perform actions.