ticket-workflow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md "Phase: Fetch" explicitly invokes a fetch-ticket skill and the config schema lists external sources like YouTrack and GitHub (references/config-schema.json), saving ticket.md and feeding it into analyze/explore/plan phases, so untrusted user-generated ticket content from third‑party sites is read and can materially change agent actions.