do-work

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Process step 1 explicitly instructs the agent to "Read the issue body, labels, blockers, and any repo docs" (SKILL.md), which consumes user-generated GitHub issue content and repo docs that can directly influence branching, merging, and other actions, creating a clear vector for indirect prompt injection.