issue-discover

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and parses public, user-generated content (e.g., GitHub issue bodies via gh issue view in phases/01-issue-new.md) and spawns external "Exa" research agents to search/synthesize web best-practices (phases/02-discover.md), and those third-party contents are read and used to create issues, drive agent prompts, and generate/execute tasks—so untrusted external content can materially influence actions.