product-owner

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly queries and ingests user-generated GitHub content (PRs, issues, and comments) via MCP/GraphQL and runs AI blocker/comment analysis as required by the workflow (see "Data Sources: GitHub (via MCP)", "Automated Blocker Identification", and the Mandatory Checklist entries "Query GitHub PRs and issues" and "Run AI blocker detection on comments"), so untrusted third-party content can influence recommendations and actions.