ce-work
Warn
Audited by Snyk on Apr 29, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill explicitly probes and interacts with external project trackers and third-party services (references/tracker-defer.md shows probing GitHub via gh auth status / gh repo view and filing issues, and SKILL.md requires "Review any references or links provided in the plan"), so it clearly ingests untrusted/user-generated content from external trackers and links and uses that content to drive ticketing and routing decisions.
Issues (1)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata