address-pr-reviews

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to fetch and process review "body" fields and reviewThreads from GitHub via the provided GraphQL queries (see "Fetch Reviews and Threads"), which are user-generated, untrusted third-party inputs the agent must read and act on (fix code, reply, resolve threads), so they could carry indirect prompt injection.