harness-audit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's mandatory audit checklist and workflow explicitly instruct the agent to query external tracker/hosting systems and user-generated content (e.g., "Branch protection rules (try gh api repos/{{OWNER}}/{{REPO}}/branches/main/protection)", pulling PR review comments in the GC cadence, and running a live tracker preflight like bun run symphony validate ... --live-tracker), so the agent will fetch and interpret untrusted, third‑party user-generated content (GitHub/Linear PRs, comments, tracker state) that can materially influence decisions and tool use.