pr-sweep

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly fetches GitHub PR reviewThreads and comment bodies via the Step 2 GraphQL query (gh api graphql ... reviewThreads { ... comments { body author } }) and then instructs the agent to read and interpret those user-generated comments to decide replies, resolves, and task creation (Steps 3–5 and Step 4a mutations), exposing it to untrusted third-party content that could inject instructions.