gh-address-comments

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's scripts/fetch_comments.py (called from SKILL.md step 1) uses the GitHub CLI to fetch PR conversation comments, reviews, and review threads from the (open) pull request—these are user-generated, third-party contents that the agent is instructed to read and act on (summarize and apply fixes), so they could contain instructions that materially influence the agent's subsequent actions.