to-orc

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly says it may "fetch referenced issues from the configured issue tracker" (SKILL.md step 1), meaning it ingests user-generated/public issue content which the agent will read and use to decide orchestration labels and actions, exposing it to untrusted third-party input that could inject instructions.