resolve-pr-parallel

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The workflow explicitly instructs the agent to fetch and read PR comments and review threads from GitHub (e.g., gh pr view PR_NUMBER --json ... and gh api repos/{owner}/{repo}/pulls/PR_NUMBER/comments), which are user-generated, potentially untrusted third-party content that the agent will interpret and act on (spawn subagents to change code and resolve threads).