writing-plans

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The skill’s runtime LLM context is populated from the user’s provided spec/issue content (the “## Implementation Plan” comment on the GitHub issue), which is outsider-authored free text not chosen by the operating user (e.g., PRD/work item text and comments by others), so it can include indirect prompt-injection payloads.