ln-1000-pipeline-orchestrator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The orchestrator explicitly auto-discovers and ingests tracker content via Linear/GitHub providers (Phase 1: "Auto-discover docs/tasks/kanban_board.md (or Linear API via storage mode operations)" and provider_github/provider_linear pseudocode) and also uses the research fallback chain including WebSearch/WebFetch (references/research_tool_fallback.md), and it reads/interprets those external, user-generated issue/story/website contents to drive stage selection, questions, and task execution, so untrusted third‑party content can materially influence actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill explicitly instructs bypassing security controls (e.g., requiring .claude/settings.local.json defaultMode="bypassPermissions" and running PowerShell with -ExecutionPolicy Bypass) and runs background scripts/automated workspace-modifying commands, which directs the agent to bypass security mechanisms and modify machine state beyond benign file edits.