takomi

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The migrate workflow explicitly instructs the agent to read "Current Status (GitHub Issues)" via gh issue list --state open ... (workflows/migrate.md), which pulls untrusted, user-generated content from public GitHub issues and expects the agent to read and synthesize that content into the state snapshot that directs subsequent actions—creating a clear path for indirect prompt injection.