brainstorm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's "Configuration Detection" and Phase 1 Step 4 in guide.md explicitly say the assistant will "Read project README" and "Scan recent issues/PRs (if git repository)", meaning it ingests user-generated repository issues/PRs and README content that the agent is expected to interpret and use to drive brainstorming and follow-up actions, which could allow indirect prompt injection from untrusted third-party content.