feature-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Phase 4.5 "Research Enrichment" (triggered by --research and documented in modules/research-enrichment.md and configuration.md) explicitly dispatches tome channels to fetch and synthesize external sources—code-search (GitHub), discourse (HN/Reddit), papers (arXiv), triz—and then applies those findings as deltas to scoring and subsequent issue creation, so untrusted, user-generated third‑party content is read and can materially change agent decisions.