github-pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's scripts (notably github_pr.rb's THREAD_QUERY and COMMENT_QUERY used by scripts/list_unresolved_review_threads.rb and scripts/reply_and_resolve_review_threads.rb, and scripts/show_test_ci_results.rb which runs gh run view --log-failed) fetch GitHub pull request review threads, comment bodies, and workflow logs—all user-generated/untrusted third-party content that the agent is expected to read and that can materially influence replies and subsequent actions.