finish-pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The workflow explicitly fetches and ingests user-generated GitHub content (e.g., "Fetch the full PR feedback surface ... Unresolved inline review threads through paginated GraphQL", top-level PR comments, and review bodies) as required runtime steps (workflows/ready-for-merge.md and workflows/triage.md) and uses that content to triage and decide automated actions, so untrusted third-party comments could inject instructions that influence behavior.