batch-task-executor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests tasks from untrusted/user-generated sources (e.g., "file, issue tracker, pasted list, ... Jira export, PR list" in SKILL.md and "Issue trackers: Jira, GitHub issues, Linear, or similar" in references/intake.md) and then reads that content into intake/coordinator/workers (see Worker Prompt Template in references/execution.md) where it can materially influence delegation, prompts, and execution — creating an indirect prompt-injection surface.