forge-plan

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches GitHub issue bodies via gh issue view (see "Input Parsing") and uses that user-generated public content as the topic/plan source that the agent reads and acts on across planning, domain-skill invocation, and execution, which could allow indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches GitHub issue content at runtime (github.com via gh issue view) and uses the issue body directly as the topic that drives brainstorming, plans, and execution, so external content from github.com can directly control agent prompts.