pr-sweep

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches GitHub pull request review threads and comment bodies via the gh api graphql query in "Step 2
• Fetch Unresolved Review Threads" and then requires the agent to read and interpret those user-generated review comments to decide whether to reply, resolve threads, and create tasks (Steps 3–5), exposing it to untrusted third-party content.