prd-completion-reviewer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow explicitly tells the agent to read linked external design documents from the PRD ("Follow Links: ... you MUST read those linked documents") and to inspect GitHub issues/PRs via the gh CLI (user-generated content), which are untrusted third-party sources that the agent must interpret and that can change its actions.