memory-documentary

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The execution protocol (references/execution-protocol.md, Phase 3 "GitHub Issues") explicitly instructs the agent to run gh issue list and ingest issue bodies/comments/quotes (user-generated, public GitHub content) as primary evidence that will be read, synthesized, and used to drive findings and recommendations, so untrusted third-party content can influence tool use and decisions.