bugfix

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Step 1 explicitly runs "gh issue view " to pipe GitHub issue bodies (public, user-generated content) into .qwen/issues/issue-.md, and those issue files are then read and used by the agent and spawned test-engineer to reproduce, fix, and verify—so untrusted third-party content can directly influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill fetches a user-supplied GitHub issue (via the gh issue view <number> command) at runtime and injects that issue body into an artifact which is then passed to the test-engineer agent to drive reproduction, so the GitHub issue URL (e.g., https://github.com///issues/) directly controls agent prompts.