implement-feature

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The workflow explicitly fetches ready tasks via backlog_get_ready_sam_tasks / mcp__plugin_dh_sam__sam_ready (noting a GitHub fallback) and then reads the returned ready-tasks JSON — including task 'agent' and 'skills' fields — to decide which agents/skills to load and dispatch, so user-generated backlog content from GitHub/public sources can directly influence agent behavior.