resolve-comments

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and displays GitHub pull request review comments via gh api /repos/{owner}/{repo}/pulls/{number}/comments and GraphQL reviewThreads (comments.body), which are user-generated, untrusted third-party content the agent must read and act on when deciding fixes, replies, and resolves, so they could indirectly inject instructions.