gh-address-comments

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md workflow and scripts/fetch_comments.py explicitly call the GitHub CLI / GraphQL API to fetch PR comments, reviews, and reviewThreads (including comment bodies) from GitHub—user-generated, third-party content—which the agent is instructed to read and use to decide and implement code changes.