docs-sync

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly ingests PR content (the orchestrator is passed the PR number) and directs the localizer and per-page panelists to read specific documentation pages from the public microsoft/apm repo (the PR diff, page briefs and doc pages are untrusted, user-contributed content) which directly drive classifier verdicts, fan-out actions, tool verification runs, and optional companion-PR creation, so third-party content can materially influence agent decisions and tool use.