address-pr-comments

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). This SKILL.md explicitly handles and instructs the agent to read and act on external reviewer comments (user-generated content) and to interact with GitHub review threads via the gh API ("External Reviewers" and "GitHub Thread Replies"), which means it ingests untrusted third‑party content that can influence actions.