triage-workflow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill clearly ingests untrusted, user-generated content as part of its workflow—for example scripts/create_linear_ticket.py parses JSON from the linearis CLI (Linear issues), scripts/create_branch.py reads gh auth status (GitHub account data), and the OpenSpec proposal/tasks files (openspec/changes/*/proposal.md and tasks.md) are created/read and then applied—any of which could contain third‑party/user content that the agent will read and act on.