memo-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (Step 2) explicitly fetches issue references via the issue-tracker workflow (docs/agents/issue-tracker.md), meaning it will retrieve and read user-generated issue/PR content from external trackers (e.g., GitHub/GitLab) and use that spec text to drive the Spec sub-agent's analysis and downstream decisions, exposing it to untrusted third-party content.