routine-writer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly requires reading and acting on untrusted, user-provided inputs—notably the API /fire text payload and GitHub webhook/event data—as part of its core workflow (see "Step 1: Capture the unattended task" and the API/GitHub trigger sections in references/prompt-anatomy.md and references/trigger-guide.md), so third-party content can materially influence routine behavior.