review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). The workflow ingests outsider-authored free text from the issue tracker/spec sources (e.g., issue/PR body text or PRD files fetched from the external issue tracker in docs/agents/issue-tracker.md) into the Spec sub-agent prompt via the “fetch via the workflow” step.