product-implement

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches tracker content via "linear api" and "gh issue list/view" and injects the ISSUE_BODY into the implementer prompt (see Phase 1 issue selection and Phase 2 build prompt / assets/implementer-template.md), so user-generated tracker content from third-party services could be read and used to drive agent actions.