ce-compound

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Related Docs Finder explicitly runs a GitHub issue search using the gh CLI (see "GitHub issue search: Prefer the gh CLI for searching related issues") and may also invoke external GitHub/MCP tools in Phase 1, and those user-generated issue results are read and folded into the orchestrator's decisions (overlap assessment, What Didn't Work, Prevention), exposing the agent to untrusted third-party content that can influence actions.