spec-code

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's Phase A workflow explicitly runs "gh issue view {N} --json title,body" to read GitHub issue content (user-generated third-party text) and then uses that content to guide implementation decisions and actions, so untrusted issue text could materially influence the agent's behavior.