pr-guardian

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). This skill's polling script (scripts/poll_pr_status.sh) calls the GitHub CLI and GH API (e.g., gh pr checks, gh pr view, gh api "repos/$REPO/pulls/$PR_NUMBER/comments") to read PR checks and user/bot-generated PR comment bodies (filtering by "✅ Addressed") and uses those results to decide whether to dispatch fixes (e.g., invoking /fix-review), so it clearly ingests untrusted, third-party PR content that can influence actions.