vp-checklist-runner

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and parses GitHub PR/issue bodies and comments (Phase 1: "Fetch Checklist Sources" using gh pr view and GraphQL for comments), which are user-generated, untrusted content that the agent reads and uses to classify items and drive verification actions (launching subagents, running shell checks, and editing checkboxes), creating a clear vector for indirect prompt injection.