pr-fix

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and ingests user-generated PR review comments via "gh api repos/{owner}/{repo}/pulls//comments" (Step 2) and CI logs via "gh run view --log-failed" and then interprets and acts on those comments/suggestions to edit code (Step 3), which exposes the agent to untrusted third-party content that can materially influence actions.