complete-implementation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and parses user-authored issue bodies and backlog/artifact data via mcp__plugin_dh_backlog__backlog_view and mcp__plugin_dh_backlog__backlog_list (extracting the issue "body" acceptance criteria and artifact manifests) and uses that untrusted, user-generated content to build plans and drive task dispatch/decisions, so third-party content can materially influence agent actions.