summon

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The orchestrator explicitly fetches and parses public GitHub issues (modules/intake.md: "gh issue view --json title,body,labels,comments") and uses issue body/comments to drive decisions and pipeline behavior (e.g., skipping brainstorm, creating branch names, and forming requirements), so untrusted user-generated content could influence tool use and next actions.