epic-tracker

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly loads and acts on external tracker content (see references/sync.md and references/adapters/github.md which fetch repo labels, org issue types, and issue/milestone/release bodies via MCP/CLI and references like list_artifacts/fetch_artifact), and those tracker items (e.g., GitHub issues) are user-generated/untrusted and are used to drive mapping, conflict resolution, and subsequent push/pull actions—so third‑party content can materially influence agent behavior.