backlog-management

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs fetching and processing public, user-generated GitHub issues from PrefectHQ/prefect (see "Candidate Queries" gh issue list and the "Workflow"/"Two-Pass Review Depth" sections), requiring the agent to read and act on third-party issue content that can change labeling/close actions.