pr-comments

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.95). The skill’s Phase 2 fetches PR comment/review text from GitHub (gh pr view ... --json comments,reviews and gh api .../pulls/$PR/comments plus GraphQL reviewThreads{...comments{nodes{path body ...}}}), which is outsider-authored free text from other users’ PR review threads and conversations.