st-execute-task
Warn
Audited by Snyk on Jun 14, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The required workflow reads and ingests the task file’s Markdown (including its YAML frontmatter and any “Noteworthy Events” text) from <plan-dir>/tasks/<task-file> into the implementing agent’s context during “Execute the task” (step 8), and that task file is outsider-authored if the operating user did not author the plan/task content.
Issues (1)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).