linear-workflow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to accept and read external sources such as "GitHub, PR, issue, or doc URLs" and to search/read matching PRs, branches, and public docs (see PM Mode "Accept any source that the environment can read" and workflow steps), which are untrusted, user-generated third‑party content that the agent must interpret to drive decisions and actions.