fix-pr-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and parses GitHub PR review threads and CodeRabbit review bodies via GitHub API/GraphQL (see Phase 2 "Fetch review data" and "Parse CodeRabbit body's AI prompt block") — these are untrusted, user-generated third‑party comments that the agent reads and uses to drive triage, fixes, and tool actions, so they could carry indirect prompt-injection instructions.