ops-next

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests and acts on user-generated third-party content — e.g., gh pr list, mcp__linear__list_issues / Linear GraphQL fallback, WebFetch for GitHub/Linear/Sentry, and ops-unread (WhatsApp/email) — and uses those external items to decide priorities and route actions, so untrusted third-party content can influence agent behavior.