pr-lifecycle

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The required runtime workflow includes a webhook subscription (mcp__github__subscribe_pr_activity) where the harness forwards issue comments/review activity as user messages wrapped in <github-webhook-activity> tags; those events can contain outsider-authored free text (e.g., comments/reviews by other users) that the agent then reads into LLM context.