work-on-ticket

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's scripts (scripts/fetch-ticket.ts and scripts/start-work.ts) explicitly fetch Jira issue data via JiraClient.getIssue (pulling untrusted, user-authored fields like summary and description from the configured Jira instance) and then display that content and use the summary to construct branch names and drive actions (create branch, transition issue, add comments), so third-party content can materially influence tool behavior.