ziw-triage

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The skill’s runtime workflow ingests outsider-authored issue tracker content (e.g., “Existing tracker … issue comments” and “issues … in the configured ready or active states,” including PR-linked evidence and comment text) into the agent context via the tracker API/query results, which can contain arbitrary free text from non-operating users.