spec-implement

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and parses GitHub issue content via "gh issue view {N} --json title,body,labels,assignees" and also injects repository/agent-definition files and git diffs into sub-agent prompts (see Phase 4 and cmux-delegate / Agent definition file injection), meaning untrusted/user-generated issue bodies and other third-party content are read and can materially influence tool invocations and decisions—enabling indirect prompt injection.