pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The workflow explicitly instructs the agent to "Read linked issue" (Workflow step 2) — i.e., ingest user-generated GitHub/issue content — and to derive acceptance criteria and PR text from it, so untrusted third-party issue content can materially influence actions.