blueprint-derive-plans

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Step 5 and REFERENCE explicitly state it will detect and incorporate "open GitHub issues" (and even mentions using the gh CLI) to find future work and map issues to features, so it ingests user-generated public GitHub content that the agent will read and use to drive generated documents and decisions.