forge

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.95). Runtime fetches and ingests outsider-authored free text from the target issue/ticket: Step 2 reads the issue body and every comment via host APIs/CLIs (e.g., GitHub gh issue view ... --json ... comments, Jira/Linear MCP comment bodies), which then enter the agent’s LLM context for Steps 4–5.