pr-review-fix

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and parses public, user-generated GitHub content (e.g., the discovery steps and commands in references/discovery.md: "gh pr list", "gh pr view --json reviews,comments", and "gh api .../pulls//comments") and requires the agent to read and act on PR reviews, comments, and CI logs as part of its workflow, so untrusted third-party content can materially influence decisions and tool use.