github-scrum

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly reads and acts on user-generated GitHub content (e.g., "Review the backlog" using GH_PAGER=cat gh issue list, "Check acceptance criteria — read the issue", and release notes built from merged PRs), so untrusted issue/PR/milestone text from GitHub can be ingested and influence the agent's decisions and actions.