implement

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's mandatory Resource Scanning step (references/phase3.2-resource-scanning.md) instructs the agent to visit and read arbitrary links gathered from a JIRA ticket — including "other" URLs via WebFetch, Confluence pages, GitHub links, and Figma/artifact outputs — and those fetched contents are explicitly compiled into <supporting_context> and fed into the meta-prompter and implementation planning (references/phase4-prompt-optimization.md and phase5), so untrusted third-party content can directly influence tool use and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly accepts and uses a runtime JIRA URL (e.g. https://[domain].atlassian.net/browse/[TICKET-ID]) and then reads the ticket JSON and visits linked remote URLs (Confluence, Figma, GitHub, "other" links) whose fetched content is injected into subagent prompts and used to drive task execution, so remote URLs are directly controlling agent prompts at runtime.