pr-resolver

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches GitHub PR review threads and comment bodies via GraphQL and gh commands (e.g., reviewThreads nodes, comments[].body, gh pr checks and run logs), which are user-generated/untrusted third-party content that the agent must read and act on as part of its workflow.