ai-dev-tools-sync

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The workflow’s Step 2 ("Research Latest Features") explicitly instructs the agent to search the web and consult external sources (e.g., references/copilot-features.md with links to docs.github.com and other web pages), meaning the agent will fetch and interpret untrusted third‑party web content that can change synchronization decisions.