ops-orchestrate

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly ingests user-generated/untrusted content from third-party services—e.g., Phase 1d "External issue sources" (Sentry via sentry-cli, Linear via api.linear.app, and GitHub Issues via gh) and Phase 4 "Read the PR" (gh pr view)—and uses that content to create tasks, decide dispatch/merging, and steer agents, so third-party text can materially influence tool use and next actions.