resolve-human-reviews

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to fetch and process human PR review comments from GitHub (via npx agent-reviews --humans-only --unanswered --expanded and the --watch loop), which are untrusted, user-generated third-party inputs that the agent reads and uses to decide fixes, commits, and replies.