plan-change

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (medium risk: 0.65). The skill’s runtime workflow includes “Find existing ADRs in docs/adr/ … and .feature files in specs/ … Read 2-3 existing examples of each to extract style,” which means it ingests existing repository text authored by others (outsider-authored docs) via file discovery into the LLM context.