review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). The workflow ingests outsider-authored free text from the issue tracker by fetching issue/PR bodies referenced in commit messages (step 2.1 → docs/agents/issue-tracker.md), and that fetched text is then included in the Spec sub-agent prompt context.