pr-review-resolver

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and parses PR review comments from GitHub (via cache-read-comment.sh: REVIEW_CONTENT=$(${CLAUDE_PLUGIN_ROOT}/scripts/cache-read-comment.sh "$PR_NUMBER")), treats those user-generated review comments as untrusted input to identify unresolved items, and requires including the full problem description from those comments into background task prompts and decision-making (steps 3.1–3.4), so third-party content can materially influence tool actions.