feature-intake

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). The skill explicitly reads existing GitHub issue/project-board state (titles/bodies/comments/fields) via gh issue list ... --json ... projectItems and gh project ... during duplicate/nearby-work checks, and those bodies/comments are outsider-authored free text that can be ingested into the agent’s LLM context for analysis (even though it says to treat them as untrusted).