planning-github-issue-tasks

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly reads and processes a GitHub issue snapshot at docs/<ISSUE_SLUG>.md (noted as "produced by fetching-github-issue") and the subagents (task-planner, dependency-prioritizer, task-validator, stage-validator) consume that user-generated GitHub content to drive planning, prioritization, and validation decisions, so untrusted third-party issue text can materially influence agent behavior.