prd-to-issues

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly instructs the agent to "Read or fetch the PRD from wherever it lives" and to pull context from third‑party sources such as GitHub wiki pages, Notion pages, Figma URLs, and Linear issues (see "Step 1. Locate the PRD" and "Step 2. Gather external context"), which are untrusted/user‑generated sources the agent will read and use to drive decisions about issue creation.