backlog

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests user-generated content from public GitHub (e.g., backlog_list with from_github, backlog_pull which pulls GitHub issue bodies into local files, backlog_list_comments and backlog_read_comment for comment bodies, and backlog_sync/body-sync behavior described in SKILL.md), and that content is read and used by the agent/LLM in workflows (grooming, matching, state transitions), so untrusted third-party content could inject instructions that influence actions.