planning

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's research workflow explicitly instructs agents to read public GitHub resources and fetch remote repositories (see references/research-phase.md "GitHub Analysis" and "Remote Repository Analysis" which use GitHub URLs and gh/repomix), meaning it ingests untrusted, user-generated third-party content that will be interpreted and used to drive planning decisions.