brag-sheet

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The backfill workflow explicitly instructs the agent to run gh pr list and mine PR history (and commit/PR metadata) from GitHub — user-generated, potentially public third-party content — and to read and interpret those results to draft entries, so untrusted external text can influence the agent's outputs and actions (see "Backfill Workflow" Step 1 with the gh pr list command).