ito-prd

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly reads and uses GitHub issue bodies and metadata (see "步驟 2：讀取既有 PRD（僅編輯模式）" and the "gh issue 分支" in 步驟 6) as part of its required edit workflow, exposing the agent to untrusted, user-generated content on GitHub that can materially influence its questions, decisions, and actions.