forge-address-pr-feedback

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's Step 1 explicitly fetches GitHub pull request reviewThreads via the GraphQL API (including comments.body and author), and the workflow requires the agent to read and act on those reviewer comments, which are untrusted user-generated content that can influence commits, replies, and follow-up actions.