groom-backlog-item

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly instructs agents to fetch and verify claims against external primary sources using WebFetch/WebSearch and to read GitHub issue content via MCP tools (see "Fact-Check — evidence rules" and Step 2 validity checks / backlog_view/backlog_list), which are untrusted, user-generated third-party sources that the agent reads and uses to make decisions (e.g., marking conditions MISSING/AVAILABLE, gating grooming, closing issues).