spec-implement

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly runs gh issue view {N} to ingest GitHub issue title/body and also reads project workflow and agent definition files (issue-to-pr-workflow.md, Agent definition files / .claude/agents/*) and injects their contents into orchestration logic and sub-agent prompts, so untrusted user-generated issue text or workflow/agent files can materially influence actions and tool invocations.