create-plan

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's mandatory Step 0 ("Extract Original Issue/Task Requirements") explicitly instructs using "gh issue view " and to link to a GitHub issue/task, meaning the agent must fetch and interpret user-generated GitHub issue content (untrusted third-party data) which directly determines plan decisions.