pr-polish

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly queries GitHub for PR review threads, top-level reviews, and issue comments (see "Snapshotting state" and the gh api GraphQL/REST calls that fetch reviewThreads, pulls/{PR}/reviews, and issues/{PR}/comments), which are untrusted, user-generated third‑party contents that the orchestrator reads and uses to decide whether to invoke pr-address, sleep, or finish—allowing injected instructions in those comments to influence tool actions.