prd-to-tickets

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md "Locate the PRD" step explicitly directs the agent to fetch/read PRDs from external sources (doc URL, GitHub issue/PR, Notion page, or pasted text), so it ingests untrusted third-party content that the agent must interpret to drive ticket-creation and workflow decisions.