blueprint-derive-plans

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly instructs the agent to read "open GitHub issues" as part of its required analysis (Step 5: "Detect future work: TODOs in code, open GitHub issues, skipped tests") and references using the gh CLI in error handling, which means it will fetch and interpret user-generated content from a public third-party site (GitHub) that can influence generated PRDs/ADRs/PRPs.