work-issues

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly reads GitHub issue bodies and any referenced parent PRDs (see the "Find the next issue" command gh issue list ... and the "Read the issue body. If it references a parent PRD, read that too." step), which are user-generated/untrusted content that the agent uses to decide what code to implement and what actions to take.