ln-302-task-replanner

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly loads and parses full task descriptions from external providers (e.g., Linear/GitHub) — see references/storage_mode_detection.md ("linear"/"github" providers), references/replan_algorithm_common.md Phase 1 "Fetch existing items from Linear (or files)" and references/replan_algorithm.md examples calling list_issues and "Load FULL descriptions" — and uses that untrusted, user-generated content to decide KEEP/UPDATE/OBSOLETE/CREATE operations that drive API calls and kanban updates, so third-party content can materially influence agent actions.