brave-breakdown

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md explicitly tells the agent to fetch and read Linear issue content via the Linear MCP tool (mcp__claude_ai_Linear__get_issue and list_issues), and that card text and related project issues should be used to shape approach, estimates, and sequencing—i.e., it ingests user-generated third-party issue descriptions that can materially influence decisions.