resolve-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly fetches and ingests user-generated GitHub PR review comments (see "Fetch all review comments" with gh api repos/{owner}/{repo}/pulls//comments and issues//comments in SKILL.md) and instructs the agent to read/interpret those comments and then implement fixes and resolve threads, so untrusted third-party content can directly influence actions.