resolve-pr-feedback

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill fetches and ingests user-generated PR review threads and comment bodies from GitHub (see scripts/get-pr-comments and SKILL.md step 4, which passes "the full comment text" to spawned agents) and uses that untrusted content to drive code changes, replies, and agent decisions, creating a clear avenue for indirect prompt injection.