backlog-tools-administrator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's domain registry and workflow explicitly state that the primary CLI (backlog.py) syncs with GitHub Issues ("syncs with: GitHub Issues (source of truth)" in references/domain-registry.md), which are public, user-generated content the agent would read and could materially influence tool actions.