forge-implement

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md Step 1 explicitly instructs the agent to fetch and parse Issues (title, acceptance criteria, labels, comments) from the project's Issue tracker—user-generated, potentially public content—which the agent will read and use to drive planning and code actions, creating a clear avenue for indirect prompt injection.