pr-address

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and paginates GitHub PR review threads and conversation comments using gh api GraphQL and REST (e.g., the "Fetch comments" GraphQL reviewThreads query and "gh api repos/.../issues/{N}/comments --paginate"), which are untrusted, user-generated third‑party contents that the agent is required to read and act on to decide fixes/replies, so they can materially influence tool actions and enable indirect prompt injection.