architect

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly reads and ingests GitHub issue content via commands like "gh issue view $1 --comments" (shown in SKILL.md Phase 1 and Quick Mode), which are user-generated, potentially public third-party contents that the agent is expected to interpret and use to drive design and follow-up actions, enabling indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly reads the product spec at runtime via "gh issue view $1 --comments" (i.e. a GitHub issue URL such as https://github.com///issues/), and that external issue content is injected into the agent's workflow/prompting, so it can directly control prompts.