orchestrating-github-workflow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The orchestrator and its subagents explicitly fetch and consume user-generated GitHub issue content (e.g., Phase 1 via fetching-github-issue using the provided ISSUE_URL and GitHub CLI gh, and the issue-status-checker reading issue body/comments), and that content is used by downstream planning/critique/execution phases to make decisions and drive actions, so untrusted third-party content can materially influence tool use.