orchestrate

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (medium risk: 0.65). The skill’s runtime workflow ingests “open threads in the current conversation” and “a plan, PRD, issue list, or TODOs the user points at,” which can include outsider-authored free-form text (e.g., issue/PR/discussion comments) that the orchestrator then briefs into spawned agents’ prompts as readable context.