add-new-feature

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs agents to read GitHub issue content and registered artifacts (via backlog_view(selector="#{issue}"), artifact_list, and artifact_read), which are user-generated/untrusted third-party contents that the agents must interpret and incorporate into design and task decisions.