pull-requests

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The required workflow ingests PR review comments and threads authored by other people (outsider) via GitHub API calls (e.g., gh api repos/{owner}/{repo}/pulls/{pr}/comments and the GraphQL reviewThreads query), which are free-form text that can be included in the agent’s LLM context for planning/replying.