roadmap

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests GitHub issue data (e.g., gh issue list / gh api repos/... in SKILL.md and references/sync.md & references/generate.md), which is user-generated, untrusted third-party content that the agent is required to read and that directly affects label changes, LOE estimates, roadmap updates, and recommended actions.