woostack-address-comments

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.95). Outsider-authored PR review text is fetched at runtime via scripts/fetch-threads.sh (GraphQL reviewThreads nodes’ comments[].body and author.login) and written as readable prose into $OUTDIR/address-threads.json, which is then consumed by the analysis/recommendation loop in prompts/address.md.