iterate-pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and parses user-generated GitHub content (e.g., scripts/fetch_pr_feedback.py calls "gh api repos/{owner}/{repo}/pulls/{number}/comments" and GraphQL reviewThreads, and scripts/fetch_pr_checks.py pulls CI logs with "gh run view --log-failed"), and that untrusted PR comments and logs are read and used to drive fix/reply/monitoring decisions, so third-party content can materially influence agent actions.