adw-design

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and ingests GitHub issues (see run_adw pseudocode's fetch_issue and the github.py/GitHub operations) and then passes that user-generated, public content to agents (execute_agent) to drive branching, planning, and implementation, so untrusted third-party text can directly influence agent actions.