public-relations-manager

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The persona's required workflow (references/README.md) explicitly scans and reads public GitHub repositories/issues (user-generated, untrusted content) every 15 minutes and uses that content to triage, create beads, and post updates, meaning third-party issue text can materially influence the agent's decisions and actions.