build-api

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and reads GitHub issue content and project board items (e.g., via "gh issue view --json title,body,labels,..." and project item-list commands) and uses the issue/decision-record body to drive API design and workflow decisions, which are user-generated, untrusted third‑party content that can materially influence subsequent actions.