ralph-plot-sprint

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and interpret GitHub-hosted, user-generated content (e.g., SKILL.md Step 1 and the orient/check steps call commands like gh api repos/<owner>/pulls/<n>/comments, gh pr diff, and gh pr checks) and to act on those comments/diffs (fix code, merge/rebase), so untrusted third-party PR/comments can materially influence automation.