objective

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow (references/workflow.md and SKILL.md) explicitly instructs the agent to read GitHub issue bodies and recent comments (e.g., "gh issue view --comments", "Read the issue body", "Read recent comments", "erk objective view"), meaning it ingests untrusted, user-generated GitHub issue/comment content that can materially influence actions like updating statuses or closing objectives.