agentic-qa-core

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly directs post-bootstrap steps to populate and consume external, user-generated catalogs (e.g., "bun run jira:sync-fields" and "bun run jira:sync-workflows" to fill .agents/jira-fields.json / .agents/jira-workflows.json) and the docs/examples also instruct using GitHub CLI (e.g., "gh run download") — the agent reads those fetched Jira/GitHub artifacts as part of its workflow (agents-lint and other skills load those files) so untrusted third-party content can influence decisions and tool use.