ah-resolve-pr-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's fetch_pr_data.py explicitly pulls PR diffs, review threads, comment bodies, and linked issue text from GitHub (user-generated, public content) and SKILL.md instructs the agent to read those reviewer comment bodies and apply fixes/commands based on them, so untrusted third‑party content can directly influence tool use and actions.