scrum-conductor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly instructs the agent to pull and synthesize external user-generated content — e.g., "Telemetry Sync: Pull recent activity from git commits, PRs, and communication channels" and "Use Explore agent to scan GitHub Issues, Jira, and Linear" in SKILL.md — which are untrusted third‑party sources the agent will read and act on, enabling indirect prompt injection risk.