w02-task-planning

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly integrates with GitHub Issues (e.g., "长程任务必须启用 GitHub Issue 存档 (W00)" and "issue checkpoint update (线上 issue 评论)"/"创建/绑定 GitHub Issue"), and the agent is expected to read and use issue content to resume/update checkpoints, which exposes it to untrusted, user-generated third-party content.