send-to-linear

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests user-generated third-party content (e.g., Fireflies transcripts via mcp__fireflies__get_summary and mcp__fireflies__get_transcript and Slack dumps via Slack MCP tools) as part of Phase 1–4 and uses that content to draft, verify, and decide ticket creation, so untrusted instructions in those sources could influence agent behavior.