ce-debug

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). SKILL.md (Phase 0: Triage) explicitly instructs the agent to fetch and read issue tracker pages (GitHub, Linear, Jira, or arbitrary tracker URLs) and "Read the full conversation — the original description AND every comment", which are untrusted, user-generated third‑party contents the agent must interpret and that can directly influence investigation steps and actions.