swain-design

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and ingests public GitHub issue content via skills/swain-design/scripts/issue-integration.sh (see references/github-issues-integration.md: "promote to fetch issue data as JSON") and then reads the issue body to populate Spec fields and perform transition actions (post comments/close), which exposes the agent to untrusted, user-generated third-party content that can materially influence subsequent actions.