pr-comments

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests user-generated PR review bodies, inline comments, and timeline comments from GitHub via gh api (see "Step 2 Fetch Inline Review Comments", "Step 2b/2c", and the gh api calls in SKILL.md), and then interprets those comment bodies to decide and drive actions (fix, accept suggestions, reply, resolve threads, push), so untrusted third‑party content can materially influence tool use and behavior.