work-intake

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to inspect "existing GitHub issues and project board items" and runs gh project view/field-list commands to read project data from GitHub, which are user-generated third-party contents the agent will consume and interpret.