ziw-pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). The skill’s runtime workflow includes “fetch that issue” / “search the issue tracker” and then “Capture original intent” and later “comment with … acceptance criteria status,” which can ingest outsider-authored free text from an external issue tracker (e.g., GitHub/Jira/Linear issue body/comments) into the agent’s LLM context.