user-story-implementer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly reads and acts on user-generated GitHub content—issue bodies, issue comments, and PR review comments via gh commands (e.g., gh issue view, gh pr view --comments)—and uses that content to select tasks and drive implementation, so untrusted third-party content can materially influence actions.