addressing-pr-comments

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests user-generated GitHub review and issue comments using commands like "gh api repos/{owner}/{repo}/pulls/{PR}/comments" and "gh pr view {PR} --comments", and those untrusted comments are parsed and used to decide/drive code changes and replies.