prd-slice

Warn

Audited by Snyk on Apr 1, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch PRDs from external trackers (e.g., "fetch the PRD content" using commands in references/github.md and references/azure-devops.md such as gh issue view <number> and az boards work-item show), which ingests user-generated, potentially untrusted public content that the agent must read and use to decide and create follow-up work items.

Issues (1)

W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Apr 1, 2026, 05:31 PM
Issues: 1