pr-review-loop

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's REQUIRED workflow (Step 3 in SKILL.md) fetches unresolved PR reviewThreads via the GitHub API using gh (gh api graphql) and reads reviewers' comment bodies (user-generated, potentially untrusted) to triage and directly drive code changes, commits, replies, and thread resolutions, so third-party comments can materially influence agent actions.