gh-pr-review-fix

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests unresolved GitHub PR review threads (user-generated comments) via the review-pack "fetch-pr" command and GitHub CLI/API (per SKILL.md and scripts/prepare_pr_bundle.py), and the agent reads and acts on that content to decide and apply fixes, exposing it to untrusted third-party instructions.